Overview

overview

10

Static

static

3

b5645b3171...95.exe

windows7-x64

10

b5645b3171...95.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    04885099.bin

  • Size

    354KB

  • Sample

    230618-m5gdaseh32

  • MD5

    e897496f8d9c5029457964e78bb8141b

  • SHA1

    f774249f0fe0016cc400455ebe869ce693a805ed

  • SHA256

    b90c51ddd52842e6062f1ec389ac8b36f26d2f149134decee452690bef7adf4b

  • SHA512

    0be81e6de6b9fd04afd10b78f8a2d1b1dca6b8202cd82506f2b01ef3a82b0bc68a84b721a34a838ba1cbc7be726de2a81eb6d65b6bdcc1122e2fd61e67a46d78

  • SSDEEP

    6144:tMI0xRDxZJXYixvTWIfOcY6HH9P5PTlU5IoF5zXIgV468Kjz8eIYhnaFqjvMI:tADZukLZjY6d5PxUxzzjV468Kz8eIYmy

Score
10/10
rhadamanthyscollectionstealer

Malware Config

Targets

    • Target

      b5645b317166b0b99f915bd7d5a0de8758c6193c6b6324d4821da47791994595.exe

    • Size

      446KB

    • MD5

      82753bed041d05b32e560a5f6e96e560

    • SHA1

      66f82f505e50c9a63328bab4dfb2aaa6fe5dc1e8

    • SHA256

      b5645b317166b0b99f915bd7d5a0de8758c6193c6b6324d4821da47791994595

    • SHA512

      dbea9ce63a9e3186f92074db7b4e6a855f1b2673e1e4e1efbe0f72a88414234633ab4f7903c1ce25e266130dfa28c34701f6d8407909e50dbb1c8c41b2ff89a9

    • SSDEEP

      12288:XXNYUuRiQi9eh4q/T4Yu9aXvWmMQszY+/CJW:XdUVi9ER/3Xvtnscpk

    Score
    10/10
    rhadamanthyscollectionstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks