Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1d2225f8cf98033669c15e0f9186fe7f1d83d2635090394cccf020e7733d96b4

  • Size

    448KB

  • Sample

    230617-vereksca4w

  • MD5

    ef43b0329d4e050b3ff3169fdf8fbc14

  • SHA1

    0786a241e17ac57d313ff5f26f906dd102fa7eb4

  • SHA256

    1d2225f8cf98033669c15e0f9186fe7f1d83d2635090394cccf020e7733d96b4

  • SHA512

    76ba66fa2a6f0e4e8963762f2e203e71242edd286c2116a1468e77e9f275f3402263ed4ba95302d7094fed72d49377ad1a6db92748d8210f2eb07af4eff51d88

  • SSDEEP

    6144:6U+6AGPobx1AbGdd2jmDVdwMKQj8eVs3NF9DvbEhOaYR:e65o9+Gdzv23DzEhO5R

Score
10/10
rhadamanthyscollectionstealer

Malware Config

Targets

    • Target

      1d2225f8cf98033669c15e0f9186fe7f1d83d2635090394cccf020e7733d96b4

    • Size

      448KB

    • MD5

      ef43b0329d4e050b3ff3169fdf8fbc14

    • SHA1

      0786a241e17ac57d313ff5f26f906dd102fa7eb4

    • SHA256

      1d2225f8cf98033669c15e0f9186fe7f1d83d2635090394cccf020e7733d96b4

    • SHA512

      76ba66fa2a6f0e4e8963762f2e203e71242edd286c2116a1468e77e9f275f3402263ed4ba95302d7094fed72d49377ad1a6db92748d8210f2eb07af4eff51d88

    • SSDEEP

      6144:6U+6AGPobx1AbGdd2jmDVdwMKQj8eVs3NF9DvbEhOaYR:e65o9+Gdzv23DzEhO5R

    Score
    10/10
    rhadamanthyscollectionstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks