Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e48cd7954b24d3f5b6fd2b8308c0f7ab6bc72629243bb6ff67a51892a5c38f56

  • Size

    458KB

  • Sample

    230617-yxxabsch42

  • MD5

    3d4b1986c7c8ca64dae0e9b7ab9923c7

  • SHA1

    6a7632f01b3101432b7bbefe1f669a96de2dbb65

  • SHA256

    e48cd7954b24d3f5b6fd2b8308c0f7ab6bc72629243bb6ff67a51892a5c38f56

  • SHA512

    d791d4730397de008498aca83154dedef9def2001ac81b2df599752347cfbab0fdb3a70e1eed7dfc5e597c56f4526612e2a01dee5d36d55fb6cadebe92985245

  • SSDEEP

    6144:W49Jw+aR1NjY4A8uP+/3NSNUy4REmvqwv9062cs5raA5cq37kh0FwKdN+MyRG7:5JwtrjY10pyoy62raE137kWdN+5R

Score
10/10
rhadamanthyscollectionstealer

Malware Config

Targets

    • Target

      e48cd7954b24d3f5b6fd2b8308c0f7ab6bc72629243bb6ff67a51892a5c38f56

    • Size

      458KB

    • MD5

      3d4b1986c7c8ca64dae0e9b7ab9923c7

    • SHA1

      6a7632f01b3101432b7bbefe1f669a96de2dbb65

    • SHA256

      e48cd7954b24d3f5b6fd2b8308c0f7ab6bc72629243bb6ff67a51892a5c38f56

    • SHA512

      d791d4730397de008498aca83154dedef9def2001ac81b2df599752347cfbab0fdb3a70e1eed7dfc5e597c56f4526612e2a01dee5d36d55fb6cadebe92985245

    • SSDEEP

      6144:W49Jw+aR1NjY4A8uP+/3NSNUy4REmvqwv9062cs5raA5cq37kh0FwKdN+MyRG7:5JwtrjY10pyoy62raE137kWdN+5R

    Score
    10/10
    rhadamanthyscollectionstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks