Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c6f67ec46d3a9a190c91c678545737949f45df0166a7ba1eee5efeeedac0d3ed

  • Size

    489KB

  • Sample

    230618-t4n53she2y

  • MD5

    8e95f22eda07186be524c5cdc44b2cb8

  • SHA1

    689633d8cd57724e572251b7475f57184cfb2b20

  • SHA256

    c6f67ec46d3a9a190c91c678545737949f45df0166a7ba1eee5efeeedac0d3ed

  • SHA512

    71e002c011923fcae176cf73fa8b093c824ad2ba1114d846a428f3210a2fa0bed355a0e94f3e602e178259dbcaadebf0caaefd5cc4a5448eac20030da5522c0d

  • SSDEEP

    6144:shZzjmHBN4HrPkZwcRTX+0rFFzVdqUx49yIyDKYYkLTGp7VzCWiiCel42IKwBOpi:dSkZjR7jrF1VYG40Iye2gdCjTKwB9

Score
10/10
rhadamanthyscollectionstealer

Malware Config

Targets

    • Target

      c6f67ec46d3a9a190c91c678545737949f45df0166a7ba1eee5efeeedac0d3ed

    • Size

      489KB

    • MD5

      8e95f22eda07186be524c5cdc44b2cb8

    • SHA1

      689633d8cd57724e572251b7475f57184cfb2b20

    • SHA256

      c6f67ec46d3a9a190c91c678545737949f45df0166a7ba1eee5efeeedac0d3ed

    • SHA512

      71e002c011923fcae176cf73fa8b093c824ad2ba1114d846a428f3210a2fa0bed355a0e94f3e602e178259dbcaadebf0caaefd5cc4a5448eac20030da5522c0d

    • SSDEEP

      6144:shZzjmHBN4HrPkZwcRTX+0rFFzVdqUx49yIyDKYYkLTGp7VzCWiiCel42IKwBOpi:dSkZjR7jrF1VYG40Iye2gdCjTKwB9

    Score
    10/10
    rhadamanthyscollectionstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks