Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4dcd73199b386b86ee84ac0865e12162162042b2e6a76537dfa788b09cfadbe4

  • Size

    490KB

  • Sample

    230618-nacbjaeh98

  • MD5

    c698be80592035d26590a0d20b6f9c89

  • SHA1

    eeff43061e20ab16ca90ef5eb61da260fadb55b8

  • SHA256

    4dcd73199b386b86ee84ac0865e12162162042b2e6a76537dfa788b09cfadbe4

  • SHA512

    04c082a881d54afe77cedb6b433745e011d70ee8afef66ca128ac3df90bc2550d5c3389c1ab80265dc816530d90f2046536697d02d88b87165e177c63b799418

  • SSDEEP

    6144:GgSI6onmGEcQiA1Gtb+oSnJjzE2CghHCyliZBrJtT7/aJ1V4Bk2AUG7dBDRXPQY:97meQ3oSmvghjwZBT7/vpE7bVXv

Score
10/10
rhadamanthyscollectionstealer

Malware Config

Targets

    • Target

      4dcd73199b386b86ee84ac0865e12162162042b2e6a76537dfa788b09cfadbe4

    • Size

      490KB

    • MD5

      c698be80592035d26590a0d20b6f9c89

    • SHA1

      eeff43061e20ab16ca90ef5eb61da260fadb55b8

    • SHA256

      4dcd73199b386b86ee84ac0865e12162162042b2e6a76537dfa788b09cfadbe4

    • SHA512

      04c082a881d54afe77cedb6b433745e011d70ee8afef66ca128ac3df90bc2550d5c3389c1ab80265dc816530d90f2046536697d02d88b87165e177c63b799418

    • SSDEEP

      6144:GgSI6onmGEcQiA1Gtb+oSnJjzE2CghHCyliZBrJtT7/aJ1V4Bk2AUG7dBDRXPQY:97meQ3oSmvghjwZBT7/vpE7bVXv

    Score
    10/10
    rhadamanthyscollectionstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks