Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b9414b9ba3215acdcdaaa079a6c6c3828a0b2a56dffaa2331248a732f715f0f0

  • Size

    495KB

  • Sample

    230301-lgap6sfe97

  • MD5

    dbf81a97158a01d20cf48fedc9987d32

  • SHA1

    137bd07b0d7df98cc8f3896d14be8e45d6b20d66

  • SHA256

    b9414b9ba3215acdcdaaa079a6c6c3828a0b2a56dffaa2331248a732f715f0f0

  • SHA512

    c316a6748fdbb08b427e13b6ea82b005138a257ab17783911e5939a9b2af73d612fcbd4aa83a7df17dad16b7c9cf62df6bdf99131c928f1bb98eee39068856ee

  • SSDEEP

    6144:nsw7fsZ5O+OAJ9A64SPILrqr4+NOQ0cP4lALq2It2TUbbAo8yswn155D8Kq3eSNI:LO5dJ9hpgyrhgQ0cl0gM1n155hEeSK

Score
10/10
rhadamanthysstealer

Malware Config

Targets

    • Target

      b9414b9ba3215acdcdaaa079a6c6c3828a0b2a56dffaa2331248a732f715f0f0

    • Size

      495KB

    • MD5

      dbf81a97158a01d20cf48fedc9987d32

    • SHA1

      137bd07b0d7df98cc8f3896d14be8e45d6b20d66

    • SHA256

      b9414b9ba3215acdcdaaa079a6c6c3828a0b2a56dffaa2331248a732f715f0f0

    • SHA512

      c316a6748fdbb08b427e13b6ea82b005138a257ab17783911e5939a9b2af73d612fcbd4aa83a7df17dad16b7c9cf62df6bdf99131c928f1bb98eee39068856ee

    • SSDEEP

      6144:nsw7fsZ5O+OAJ9A64SPILrqr4+NOQ0cP4lALq2It2TUbbAo8yswn155D8Kq3eSNI:LO5dJ9hpgyrhgQ0cl0gM1n155hEeSK

    Score
    10/10
    rhadamanthysstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks