Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03/04/2023, 05:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ff500d61a43e135f0b3ca48e8c9e760e6d08fc0d9fc9b36ae7790dc2dbfba071.exe

  • Size

    257KB

  • MD5

    d0a8e9383b3e36dee5f9222f827c7615

  • SHA1

    516812f265f8b3ce1af787bfa1dd1bfeb426e2cd

  • SHA256

    ff500d61a43e135f0b3ca48e8c9e760e6d08fc0d9fc9b36ae7790dc2dbfba071

  • SHA512

    73a4096c33c1b3ff42d60c6835fbd0ed240ee2ddd089cc7e70bd02688432672d432a517ce0169af9451098c0f3fb40f9975fde927816995fb546658e4078b1ae

  • SSDEEP

    3072:tHYBEo83Gk/hdEdqaensiWFwV2JVZWmDNncsW5fkD2/O9iT1QPS5/8QS:6KP2g+0eFzVDZ+Six8

Score
10/10
rhadamanthysstealer

Malware Config

Signatures

  • Detect rhadamanthys stealer shellcode 4 IoCs
  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys
  • Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ff500d61a43e135f0b3ca48e8c9e760e6d08fc0d9fc9b36ae7790dc2dbfba071.exe
    "C:\Users\Admin\AppData\Local\Temp\ff500d61a43e135f0b3ca48e8c9e760e6d08fc0d9fc9b36ae7790dc2dbfba071.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:4124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4124-117-0x00000000004B0000-0x00000000004DE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4124-118-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/4124-121-0x00000000001E0000-0x00000000001FC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/4124-123-0x00000000001E0000-0x00000000001FC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/4124-124-0x0000000002110000-0x0000000002112000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4124-125-0x0000000002110000-0x0000000002113000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4124-126-0x00000000001E0000-0x00000000001FC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/4124-127-0x0000000000400000-0x00000000004AF000-memory.dmp

    Filesize

    700KB

    Download

  • memory/4124-128-0x00000000001E0000-0x00000000001FC000-memory.dmp

    Filesize

    112KB

    Download