Overview

overview

10

Static

static

3

06250599.exe

windows7-x64

10

06250599.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    06250599.exe

  • Size

    508KB

  • Sample

    230618-m7st4seh64

  • MD5

    83243eae62ea7c139eb7850db2349334

  • SHA1

    a9d0036539416423716cbc7d9cf09d44ae066b81

  • SHA256

    07e766f67125c99500dac7dc2a2eab8ab38db92722ec949b1f4d18f55b717aa6

  • SHA512

    4e68e82714de7df8a1f4e8fdd3a0576078fe314d4272f2e09b4d173b63ac7c28c8ab3fcb72268283d3663647c81293b725b3244747b3671c51c40f968f3767e4

  • SSDEEP

    6144:vclsfJOrA4dB1oPqw2yaG6S+fXaROmJRmpvA5N89jjBVahQk666RDTBr:vcmBO072HSbErvD9jjBsWXDr

Score
10/10
rhadamanthyscollectionstealer

Malware Config

Targets

    • Target

      06250599.exe

    • Size

      508KB

    • MD5

      83243eae62ea7c139eb7850db2349334

    • SHA1

      a9d0036539416423716cbc7d9cf09d44ae066b81

    • SHA256

      07e766f67125c99500dac7dc2a2eab8ab38db92722ec949b1f4d18f55b717aa6

    • SHA512

      4e68e82714de7df8a1f4e8fdd3a0576078fe314d4272f2e09b4d173b63ac7c28c8ab3fcb72268283d3663647c81293b725b3244747b3671c51c40f968f3767e4

    • SSDEEP

      6144:vclsfJOrA4dB1oPqw2yaG6S+fXaROmJRmpvA5N89jjBVahQk666RDTBr:vcmBO072HSbErvD9jjBsWXDr

    Score
    10/10
    rhadamanthyscollectionstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks