Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1a8918b0d74af8c29d44cf08dc0c3bffc8be366c48e31fb1e567ae832e2d8d4a

  • Size

    367KB

  • Sample

    230328-qry8qsch7s

  • MD5

    395f1151b0c4cbacc5593d0ceb721e94

  • SHA1

    c1ff9f4f989d6d3c16152fddf5a5ea6f991890a6

  • SHA256

    1a8918b0d74af8c29d44cf08dc0c3bffc8be366c48e31fb1e567ae832e2d8d4a

  • SHA512

    28f19c335edfcce065526957c69eadccde100f47d4fa8e072763f0d787187be5405d59f3fb713b0c87e8614f0024abf7cdb0cdb4276a258b0fcc28cbe6100559

  • SSDEEP

    6144:Y8Q+x+8XxGYQEy/1veaDUBS//phtDDTS:Y8Q+IYxGzJGW/NzS

Score
10/10
rhadamanthyscollectionstealer

Malware Config

Targets

    • Target

      1a8918b0d74af8c29d44cf08dc0c3bffc8be366c48e31fb1e567ae832e2d8d4a

    • Size

      367KB

    • MD5

      395f1151b0c4cbacc5593d0ceb721e94

    • SHA1

      c1ff9f4f989d6d3c16152fddf5a5ea6f991890a6

    • SHA256

      1a8918b0d74af8c29d44cf08dc0c3bffc8be366c48e31fb1e567ae832e2d8d4a

    • SHA512

      28f19c335edfcce065526957c69eadccde100f47d4fa8e072763f0d787187be5405d59f3fb713b0c87e8614f0024abf7cdb0cdb4276a258b0fcc28cbe6100559

    • SSDEEP

      6144:Y8Q+x+8XxGYQEy/1veaDUBS//phtDDTS:Y8Q+IYxGzJGW/NzS

    Score
    10/10
    rhadamanthyscollectionstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks