Overview

overview

10

Static

static

1

f065e29b36...df.exe

windows7-x64

10

f065e29b36...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f065e29b36913d2895d59ca7bafb1adf.exe

  • Size

    328KB

  • Sample

    230328-gzb9haba9y

  • MD5

    f065e29b36913d2895d59ca7bafb1adf

  • SHA1

    2343abf4653cc0204b2c83c62f3d7f22c9fd1313

  • SHA256

    49a63228b6b573e791851eda054dd17b8397ec6eef267e882dbe5b7e788c08e1

  • SHA512

    e24b0e9824a81fd4271e374e84eddf119c2751b4d4d79211854fa4abfdb68b1596aa6cdba0f227f56ba71219f5103f804cd933eb92f0412c93890ae5e03234ed

  • SSDEEP

    6144:zZ5y8KQhLRjkeMtoPcAi3af05Jnb/H1ZqNquL:bAQhFjkesoUNZbf+Nqu

Score
10/10
rhadamanthyscollectionstealer

Malware Config

Targets

    • Target

      f065e29b36913d2895d59ca7bafb1adf.exe

    • Size

      328KB

    • MD5

      f065e29b36913d2895d59ca7bafb1adf

    • SHA1

      2343abf4653cc0204b2c83c62f3d7f22c9fd1313

    • SHA256

      49a63228b6b573e791851eda054dd17b8397ec6eef267e882dbe5b7e788c08e1

    • SHA512

      e24b0e9824a81fd4271e374e84eddf119c2751b4d4d79211854fa4abfdb68b1596aa6cdba0f227f56ba71219f5103f804cd933eb92f0412c93890ae5e03234ed

    • SSDEEP

      6144:zZ5y8KQhLRjkeMtoPcAi3af05Jnb/H1ZqNquL:bAQhFjkesoUNZbf+Nqu

    Score
    10/10
    rhadamanthyscollectionstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks