Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c76c9dfbdac05e5e252163bebd3fc13e823287d52702fcc8ba1de44e055c043f

  • Size

    491KB

  • Sample

    230618-rqwlwsgg71

  • MD5

    0dfa747ae78fc193949de0dce03d9aa0

  • SHA1

    f8b063297cea093ba1064670799e428f44959dda

  • SHA256

    c76c9dfbdac05e5e252163bebd3fc13e823287d52702fcc8ba1de44e055c043f

  • SHA512

    a52b1b187bce898bce05853e3b7cdc4c6335be136a9a0979461e590808037a484b019e7a2d7c229938de6cb3ea82b9abe9a801f4162d7bf5b05de796d5994ed9

  • SSDEEP

    6144:8o6Z9gjkpQemjWtE2Gb3+ICyEsuFMnDIcWLYKEDb8QwrWtfdc7ggkFAhTvir:fk/a/bBVEP2fXtPxtCNG

Score
10/10
rhadamanthyscollectionstealer

Malware Config

Targets

    • Target

      c76c9dfbdac05e5e252163bebd3fc13e823287d52702fcc8ba1de44e055c043f

    • Size

      491KB

    • MD5

      0dfa747ae78fc193949de0dce03d9aa0

    • SHA1

      f8b063297cea093ba1064670799e428f44959dda

    • SHA256

      c76c9dfbdac05e5e252163bebd3fc13e823287d52702fcc8ba1de44e055c043f

    • SHA512

      a52b1b187bce898bce05853e3b7cdc4c6335be136a9a0979461e590808037a484b019e7a2d7c229938de6cb3ea82b9abe9a801f4162d7bf5b05de796d5994ed9

    • SSDEEP

      6144:8o6Z9gjkpQemjWtE2Gb3+ICyEsuFMnDIcWLYKEDb8QwrWtfdc7ggkFAhTvir:fk/a/bBVEP2fXtPxtCNG

    Score
    10/10
    rhadamanthyscollectionstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks