Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    458KB

  • Sample

    230617-1v24xacg8x

  • MD5

    6f30ce2977255c6ea441762f55a5503d

  • SHA1

    dd74130e250d168ff2c0503d49dda1e1a1ed4a65

  • SHA256

    e3c530a8f37ef3b74788e33c2483ef02b54009a89f981959b0619fab7462afc8

  • SHA512

    8640e3c6aee7029b3f0c57d1838ef0d35f7a63a85d7c4a626f201bcc36643b5f074cc1380b65483adc3ba720dbfa182659be2968a27ecf82771528c4af8074da

  • SSDEEP

    12288:nM1cATkHAn/yIjI5H7iOrKx3qDM+ndf8pMdW6Rh:/ATVdmH7VrOq3Nm6R

Score
10/10
rhadamanthyscollectionstealer

Malware Config

Targets

    • Target

      file.exe

    • Size

      458KB

    • MD5

      6f30ce2977255c6ea441762f55a5503d

    • SHA1

      dd74130e250d168ff2c0503d49dda1e1a1ed4a65

    • SHA256

      e3c530a8f37ef3b74788e33c2483ef02b54009a89f981959b0619fab7462afc8

    • SHA512

      8640e3c6aee7029b3f0c57d1838ef0d35f7a63a85d7c4a626f201bcc36643b5f074cc1380b65483adc3ba720dbfa182659be2968a27ecf82771528c4af8074da

    • SSDEEP

      12288:nM1cATkHAn/yIjI5H7iOrKx3qDM+ndf8pMdW6Rh:/ATVdmH7VrOq3Nm6R

    Score
    10/10
    rhadamanthyscollectionstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks