Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/03/2023, 20:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d920c9dc398bcc17b9fba347b1f371e54165da5f405735fcd9baa0b5de86c83b.exe

  • Size

    359KB

  • MD5

    ff99d0dbb753c4f646f98788fe978354

  • SHA1

    6126694f366f86c8864a328a9f1bdc4dc0ad839c

  • SHA256

    d920c9dc398bcc17b9fba347b1f371e54165da5f405735fcd9baa0b5de86c83b

  • SHA512

    028154dc7f88730a56ee9c9625122e3e3986964282767c07ca03a6485d964180a5210c9bd78b6502d5d5383889f1e887faf12b3f3737046a196a5bd663ee8e49

  • SSDEEP

    6144:lXJ4LY1Tr9JArhttbLWE5IPXaBNI/Lj8+Eu:BJ4sT5JAlnp5I/aB6/LEu

Score
10/10
rhadamanthysstealer

Malware Config

Signatures

  • Detect rhadamanthys stealer shellcode 5 IoCs
  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys
  • Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d920c9dc398bcc17b9fba347b1f371e54165da5f405735fcd9baa0b5de86c83b.exe
    "C:\Users\Admin\AppData\Local\Temp\d920c9dc398bcc17b9fba347b1f371e54165da5f405735fcd9baa0b5de86c83b.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:1584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1584-134-0x0000000002CC0000-0x0000000002CEE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1584-135-0x0000000000400000-0x0000000002B0A000-memory.dmp

    Filesize

    39.0MB

    Download

  • memory/1584-136-0x0000000002CC0000-0x0000000002CEE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1584-139-0x0000000002C90000-0x0000000002CAC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1584-140-0x0000000002CF0000-0x0000000002D0A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1584-141-0x0000000002C90000-0x0000000002CAC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1584-143-0x0000000002CF0000-0x0000000002D0A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1584-144-0x0000000002C90000-0x0000000002CAC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1584-145-0x0000000000400000-0x0000000002B0A000-memory.dmp

    Filesize

    39.0MB

    Download

  • memory/1584-147-0x0000000002CF0000-0x0000000002D0A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1584-146-0x0000000002C90000-0x0000000002CAC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1584-148-0x0000000002CF0000-0x0000000002D0A000-memory.dmp

    Filesize

    104KB

    Download