Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c6574821e75907938b8749a94aada92533dc9091d6c51bc2623cfdf76747c952

  • Size

    440KB

  • Sample

    230617-nalj7sbe63

  • MD5

    55fa2ddc0ae01966455398fa41f16f09

  • SHA1

    a6eb19f6c11510d361a6df8a56e3316aaec26a96

  • SHA256

    c6574821e75907938b8749a94aada92533dc9091d6c51bc2623cfdf76747c952

  • SHA512

    83c8f60d2ad78527180938970bb1df1b1a5e2fecd7fa41babf3422f98b24a08f70306fb484f7ee8f1d3a80aec693ebf9ed636a2449778a5eb073f4b8438063e3

  • SSDEEP

    6144:s0ZTvnDi2NI89xS/19oe7bxqJnYtdWlJZqGn/gbOetgGQOATNETdgH:pTvLNP9I/19ohGKnaA7OONETe

Score
10/10
rhadamanthyscollectionstealer

Malware Config

Targets

    • Target

      c6574821e75907938b8749a94aada92533dc9091d6c51bc2623cfdf76747c952

    • Size

      440KB

    • MD5

      55fa2ddc0ae01966455398fa41f16f09

    • SHA1

      a6eb19f6c11510d361a6df8a56e3316aaec26a96

    • SHA256

      c6574821e75907938b8749a94aada92533dc9091d6c51bc2623cfdf76747c952

    • SHA512

      83c8f60d2ad78527180938970bb1df1b1a5e2fecd7fa41babf3422f98b24a08f70306fb484f7ee8f1d3a80aec693ebf9ed636a2449778a5eb073f4b8438063e3

    • SSDEEP

      6144:s0ZTvnDi2NI89xS/19oe7bxqJnYtdWlJZqGn/gbOetgGQOATNETdgH:pTvLNP9I/19ohGKnaA7OONETe

    Score
    10/10
    rhadamanthyscollectionstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks