Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    98d55b44bfa0e2967d3b9ef0cf3d7fda40f7ee279a2ab08df2a25c719c7d11d0

  • Size

    458KB

  • Sample

    230617-195hksch7v

  • MD5

    533e9770f2918a9c1e7591917647712f

  • SHA1

    121e43836d37cacf8a7526f6dedc88f749313f77

  • SHA256

    98d55b44bfa0e2967d3b9ef0cf3d7fda40f7ee279a2ab08df2a25c719c7d11d0

  • SHA512

    d4d55e368275eb775362b8ca37dd9cfbf1a801d441ac38b79fec200833bc58b3606d32e854ec6434510b9389480f62094e99a8787d28bda8c35d5cedee87e2c6

  • SSDEEP

    6144:8rks+ek1UUW9+KaH3PtEecvCqfd3d9qHnbsEC2nl5w5MY9ZtTL58HGRD:8b+ek/jN3PtLcv13d96TC2leR9ZtHVR

Score
10/10
rhadamanthyscollectionstealer

Malware Config

Targets

    • Target

      98d55b44bfa0e2967d3b9ef0cf3d7fda40f7ee279a2ab08df2a25c719c7d11d0

    • Size

      458KB

    • MD5

      533e9770f2918a9c1e7591917647712f

    • SHA1

      121e43836d37cacf8a7526f6dedc88f749313f77

    • SHA256

      98d55b44bfa0e2967d3b9ef0cf3d7fda40f7ee279a2ab08df2a25c719c7d11d0

    • SHA512

      d4d55e368275eb775362b8ca37dd9cfbf1a801d441ac38b79fec200833bc58b3606d32e854ec6434510b9389480f62094e99a8787d28bda8c35d5cedee87e2c6

    • SSDEEP

      6144:8rks+ek1UUW9+KaH3PtEecvCqfd3d9qHnbsEC2nl5w5MY9ZtTL58HGRD:8b+ek/jN3PtLcv13d96TC2leR9ZtHVR

    Score
    10/10
    rhadamanthyscollectionstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks