General

  • Target

    4efbe277a360ad01da7dd0f6a8186e4a19e39e7a697c2881ca1c1da623cb9618

  • Size

    2.8MB

  • Sample

    230317-gt82aaee63

  • MD5

    417cff12e8af2d5a640e1eda35cdda4f

  • SHA1

    95836eb8462cb3ea7c07dd7d016b49bbd7c95074

  • SHA256

    4efbe277a360ad01da7dd0f6a8186e4a19e39e7a697c2881ca1c1da623cb9618

  • SHA512

    e3b163751ca9cf924a1c74318994f6067219876d7f7e009e1e024bfe3e5a1f995cd907bd29b555b6648fb86d567573445ee672d4946fa27d6f481da8f7954477

  • SSDEEP

    24576:xxxTFery2SWEtsSsuaCIpWWWgd6+nYM/1khKtu1Dze6HDpLO3KthT/JqwzESJVcG:gWWWgdDqG3QjxYU4hE1zE9Z1P

Score
10/10

Malware Config

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks