Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-03-2023 09:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d8e3672382c82fcf6f7d44e102f29d19fb66d3d4e6235b91073dcc5212ab257.exe

  • Size

    357KB

  • MD5

    5a62c142760a0ba2242c93002dd9cdd8

  • SHA1

    2b8850048c77388a71e07cfea8c1e5c208fcfe81

  • SHA256

    8d8e3672382c82fcf6f7d44e102f29d19fb66d3d4e6235b91073dcc5212ab257

  • SHA512

    0abf05004c24f7190ed23713abb553e0ddb1035122a1ff6153c2efc0781a2f4fe3ea91c0c66fa278f27229557dfdc1b805035512f70231b2805fddda72ba0368

  • SSDEEP

    6144:nJMFLOu1294tlmzO1eB6qykCZ7FadI0tRXRtS/7PgjVaS:nJIF1a4t061QA5Z7AdIIxqbXS

Score
10/10
rhadamanthysstealer

Malware Config

Signatures

  • Detect rhadamanthys stealer shellcode 4 IoCs
  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys
  • Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d8e3672382c82fcf6f7d44e102f29d19fb66d3d4e6235b91073dcc5212ab257.exe
    "C:\Users\Admin\AppData\Local\Temp\8d8e3672382c82fcf6f7d44e102f29d19fb66d3d4e6235b91073dcc5212ab257.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:2276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2276-134-0x0000000004850000-0x000000000487E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2276-135-0x0000000000400000-0x0000000002B09000-memory.dmp

    Filesize

    39.0MB

    Download

  • memory/2276-136-0x0000000004850000-0x000000000487E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2276-139-0x0000000004880000-0x000000000489C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2276-141-0x0000000004880000-0x000000000489C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2276-142-0x00000000048A0000-0x00000000048BA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2276-143-0x00000000048A0000-0x00000000048BA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2276-144-0x0000000004880000-0x000000000489C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2276-145-0x0000000000400000-0x0000000002B09000-memory.dmp

    Filesize

    39.0MB

    Download

  • memory/2276-146-0x0000000004880000-0x000000000489C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2276-147-0x00000000048A0000-0x00000000048BA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2276-148-0x00000000048A0000-0x00000000048BA000-memory.dmp

    Filesize

    104KB

    Download