Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    452c0558713dac55a25f47217368c54ed4d41a97b677c66b4af291cc7f9da862

  • Size

    440KB

  • Sample

    230617-lg4cgsbb97

  • MD5

    279670b1d010792b94c5179e7ff2381d

  • SHA1

    c4d1d9d4de1b8468e3870e4013f52cd3ca90e867

  • SHA256

    452c0558713dac55a25f47217368c54ed4d41a97b677c66b4af291cc7f9da862

  • SHA512

    1706471884fbc24ac2761c835a735b3bac31e3680b406526b68465c7e7abbc24057565014a24fd01991faf9fbdfdf93aa16d4c0a35479d3c9332e437c73b0b38

  • SSDEEP

    12288:+DPSIa1AnJJAtSffrOFo+BQ7kJghOZ0WQNnQ/:DlyAtSmo+B7J63nQ

Score
10/10
rhadamanthyscollectionstealer

Malware Config

Targets

    • Target

      452c0558713dac55a25f47217368c54ed4d41a97b677c66b4af291cc7f9da862

    • Size

      440KB

    • MD5

      279670b1d010792b94c5179e7ff2381d

    • SHA1

      c4d1d9d4de1b8468e3870e4013f52cd3ca90e867

    • SHA256

      452c0558713dac55a25f47217368c54ed4d41a97b677c66b4af291cc7f9da862

    • SHA512

      1706471884fbc24ac2761c835a735b3bac31e3680b406526b68465c7e7abbc24057565014a24fd01991faf9fbdfdf93aa16d4c0a35479d3c9332e437c73b0b38

    • SSDEEP

      12288:+DPSIa1AnJJAtSffrOFo+BQ7kJghOZ0WQNnQ/:DlyAtSmo+B7J63nQ

    Score
    10/10
    rhadamanthyscollectionstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks