Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6b0fc6f67737387fc8785cc9dd184d10e5f43c15c9fcc5780981c44ec09092c2

  • Size

    491KB

  • Sample

    230618-q55bxagf51

  • MD5

    32ad5b5fb61daa6b056a8fc44ba381a2

  • SHA1

    88b4d9d5e35c0b70644c8c2f915d4a85b7f1d808

  • SHA256

    6b0fc6f67737387fc8785cc9dd184d10e5f43c15c9fcc5780981c44ec09092c2

  • SHA512

    67acdcd62da5d63d002e727004644c593bda4b472e65324e0d24d1fc1b71fd6e80fab8c293cefe9dc28d6bb930f9bfebec195e8f45f558b8f29fcb63ca538777

  • SSDEEP

    6144:uo6c9xQn0zzTfeP14NjJOm54fbjGs5teFXxPn55OMxytcGDVZ4E:En0zzTmPfm6/DOFpbhxB43

Score
10/10
rhadamanthyscollectionstealer

Malware Config

Targets

    • Target

      6b0fc6f67737387fc8785cc9dd184d10e5f43c15c9fcc5780981c44ec09092c2

    • Size

      491KB

    • MD5

      32ad5b5fb61daa6b056a8fc44ba381a2

    • SHA1

      88b4d9d5e35c0b70644c8c2f915d4a85b7f1d808

    • SHA256

      6b0fc6f67737387fc8785cc9dd184d10e5f43c15c9fcc5780981c44ec09092c2

    • SHA512

      67acdcd62da5d63d002e727004644c593bda4b472e65324e0d24d1fc1b71fd6e80fab8c293cefe9dc28d6bb930f9bfebec195e8f45f558b8f29fcb63ca538777

    • SSDEEP

      6144:uo6c9xQn0zzTfeP14NjJOm54fbjGs5teFXxPn55OMxytcGDVZ4E:En0zzTmPfm6/DOFpbhxB43

    Score
    10/10
    rhadamanthyscollectionstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks