Overview

overview

10

Static

static

3

c4a708cd4c...16.exe

windows7-x64

10

c4a708cd4c...16.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c4a708cd4c0a21ec777c1933a4347d16.exe

  • Size

    4.2MB

  • Sample

    230530-l6sx2sgh76

  • MD5

    c4a708cd4c0a21ec777c1933a4347d16

  • SHA1

    33334d0fbee53016b1385078816d21c70abeb1a5

  • SHA256

    d5de4cb74e865fdf0a79cfa5d636bd8158bf461ba4e0c59261fe7d133bdd9407

  • SHA512

    518e4ef04c78791f788faa8e2c0384818a769d8b411b6e0a2327855b31f2128ecddd88aae4ead2f0fc684b8d85115faf69c077a24a169b66109401a79026beb7

  • SSDEEP

    6144:5WC6Lf8HuLk5z2TPQIonfaFi9G0ei+jvbalhZV9W71:5WC6DiUk5zq4ffaFQG0qjvWPZW

Score
10/10
rhadamanthysstealer

Malware Config

Extracted

Family

rhadamanthys

C2

http://31.220.57.50/abctop/oy7xup.thms

Targets

    • Target

      c4a708cd4c0a21ec777c1933a4347d16.exe

    • Size

      4.2MB

    • MD5

      c4a708cd4c0a21ec777c1933a4347d16

    • SHA1

      33334d0fbee53016b1385078816d21c70abeb1a5

    • SHA256

      d5de4cb74e865fdf0a79cfa5d636bd8158bf461ba4e0c59261fe7d133bdd9407

    • SHA512

      518e4ef04c78791f788faa8e2c0384818a769d8b411b6e0a2327855b31f2128ecddd88aae4ead2f0fc684b8d85115faf69c077a24a169b66109401a79026beb7

    • SSDEEP

      6144:5WC6Lf8HuLk5z2TPQIonfaFi9G0ei+jvbalhZV9W71:5WC6DiUk5zq4ffaFQG0qjvWPZW

    Score
    10/10
    rhadamanthysstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks