Overview

overview

10

Static

static

1

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    302KB

  • Sample

    230328-n5c7bace3v

  • MD5

    7b9742c442c28ca29907a0ffcaca47fa

  • SHA1

    d59023f60d89c785da29165a5df7d8b80f790d87

  • SHA256

    6d615929475897b42f7bbc9ae8a5fdc591a15a08ab4696dbabb3ff912fb5cbf9

  • SHA512

    e4810b23a677b9eac6946ce33f1d30e6ce7be826889791fc94667fa123416279a5dfb50fbf54f6b22e8e971e3a121d42219ceadac6a2313c507763d0c921453d

  • SSDEEP

    6144:/DB9/8sAqMQ107vvjmokAxGnHZIkIx1P7:bB9/8JE1OvCixGnm

Score
10/10
rhadamanthyscollectionstealer

Malware Config

Targets

    • Target

      tmp

    • Size

      302KB

    • MD5

      7b9742c442c28ca29907a0ffcaca47fa

    • SHA1

      d59023f60d89c785da29165a5df7d8b80f790d87

    • SHA256

      6d615929475897b42f7bbc9ae8a5fdc591a15a08ab4696dbabb3ff912fb5cbf9

    • SHA512

      e4810b23a677b9eac6946ce33f1d30e6ce7be826889791fc94667fa123416279a5dfb50fbf54f6b22e8e971e3a121d42219ceadac6a2313c507763d0c921453d

    • SSDEEP

      6144:/DB9/8sAqMQ107vvjmokAxGnHZIkIx1P7:bB9/8JE1OvCixGnm

    Score
    10/10
    rhadamanthyscollectionstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks