Overview

overview

10

Static

static

3

a.exe

windows10-1703-x64

10

a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a.exe

  • Size

    979KB

  • Sample

    230510-3dtsbace5w

  • MD5

    20f70cdf44bd28fc1b1f1dd69c99f22e

  • SHA1

    e19928d2871098c4488cf71d54a860a1f6d78a36

  • SHA256

    d02711122b130cd44c721437f4f2767b9c61b832fe6e3d35536f745d131d16ff

  • SHA512

    858b6acaf44cedf4f1d8660c86a70bf96779658a27ba02aa298faca3ca48063725cb50cc8168180195ff8ac3258e28a2ee9b064352c2b2a55bbeeec1c33cef84

  • SSDEEP

    24576:CeGVZ9/e0wilWWC7rD/QTYrpGzaVWWeiZfsPHY:4320uWt4pGmVzZAY

Score
10/10
rhadamanthysstealer

Malware Config

Extracted

Family

rhadamanthys

C2

http://8002.motorline.pw/api/9wcnem.x0vs

Targets

    • Target

      a.exe

    • Size

      979KB

    • MD5

      20f70cdf44bd28fc1b1f1dd69c99f22e

    • SHA1

      e19928d2871098c4488cf71d54a860a1f6d78a36

    • SHA256

      d02711122b130cd44c721437f4f2767b9c61b832fe6e3d35536f745d131d16ff

    • SHA512

      858b6acaf44cedf4f1d8660c86a70bf96779658a27ba02aa298faca3ca48063725cb50cc8168180195ff8ac3258e28a2ee9b064352c2b2a55bbeeec1c33cef84

    • SSDEEP

      24576:CeGVZ9/e0wilWWC7rD/QTYrpGzaVWWeiZfsPHY:4320uWt4pGmVzZAY

    Score
    10/10
    rhadamanthysstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks