General
-
Target
file.exe
-
Size
5MB
-
Sample
230130-kep7eahg35
-
MD5
d384b4d1d761853f01257a96d02e8300
-
SHA1
d33265591eedddf7d7af5a932bc8e4e4a2229e6c
-
SHA256
ac2fcadee1d8209ad9d5f3842020adb3ec81d0bd0bf977a726edaecfd26ac317
-
SHA512
7b6be8dbcb0875f6c16f28a8594cdfe895902b09252b4631c4181baedaa4bf9159920f045f254f4c51be34aa9ad70e6a2c3630cd4d0e4dd6a046998b67e108bb
-
SSDEEP
98304:adFwHQR3l8sa3HlTKPGmrI2TpY8g26sTYlt4b8nXE:arR7a3lTKualK8g2/Tm4z
Malware Config
Targets
-
-
Target
file.exe
-
Size
5MB
-
MD5
d384b4d1d761853f01257a96d02e8300
-
SHA1
d33265591eedddf7d7af5a932bc8e4e4a2229e6c
-
SHA256
ac2fcadee1d8209ad9d5f3842020adb3ec81d0bd0bf977a726edaecfd26ac317
-
SHA512
7b6be8dbcb0875f6c16f28a8594cdfe895902b09252b4631c4181baedaa4bf9159920f045f254f4c51be34aa9ad70e6a2c3630cd4d0e4dd6a046998b67e108bb
-
SSDEEP
98304:adFwHQR3l8sa3HlTKPGmrI2TpY8g26sTYlt4b8nXE:arR7a3lTKualK8g2/Tm4z
Score10/10-
Detect rhadamanthys stealer shellcode
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation