General

  • Target

    6f30ce2977255c6ea441762f55a5503d.bin

  • Size

    358KB

  • Sample

    230619-bpmplaaf77

  • MD5

    8155635bab6d28f7c117c425802f8f7f

  • SHA1

    9a28b62bde2fc073d7bbed2da3aff91119c04ee7

  • SHA256

    8d8e0b2723711c984a63a85ab2b87f7460ae000bf5e6474ff7d6bd085a94c8c0

  • SHA512

    66f57fd1f403b075918dd1fa49708e82bc59037bb5a7d5564eea771f1dce0910cd0c173c5c01504a25711f827b736c165a782c3d45627a9a04b2e38d00bcf94f

  • SSDEEP

    6144:U4rrkLSy5FPOEAnDLm/XWZvZwRMIOR9BXR3OXAzt3YXs+ycP+5jLt10YJC+F4hDh:U4fkLSSFPOEAPm/XYKRMIaBXReQBoXZt

Malware Config

Targets

    • Target

      e3c530a8f37ef3b74788e33c2483ef02b54009a89f981959b0619fab7462afc8.exe

    • Size

      458KB

    • MD5

      6f30ce2977255c6ea441762f55a5503d

    • SHA1

      dd74130e250d168ff2c0503d49dda1e1a1ed4a65

    • SHA256

      e3c530a8f37ef3b74788e33c2483ef02b54009a89f981959b0619fab7462afc8

    • SHA512

      8640e3c6aee7029b3f0c57d1838ef0d35f7a63a85d7c4a626f201bcc36643b5f074cc1380b65483adc3ba720dbfa182659be2968a27ecf82771528c4af8074da

    • SSDEEP

      12288:nM1cATkHAn/yIjI5H7iOrKx3qDM+ndf8pMdW6Rh:/ATVdmH7VrOq3Nm6R

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Accesses Microsoft Outlook profiles

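The two hash sets above are the report's only machine-checkable facts, so the first thing an analyst does with them is confirm that a file in hand is actually one of these two artifacts, and that the table itself was transcribed without damage. The following script is an added example, not part of the sandbox report or of any tooling it describes: it recomputes MD5/SHA-1/SHA-256/SHA-512 over a file (streamed, so large samples are fine), looks the result up against the hash table copied from the report, flags any algorithm that disagrees with the SHA-256 match (a transcription error, since a real collision across four algorithms is not a realistic explanation), and cross-checks that the outer `.bin`'s filename is the MD5 of the inner `.exe`, which is how the report links the container to its payload. The function names and the sample bytes used for the self-check are this example's own constructions.

```python
"""IOC verification for the two artifacts listed in the report above.

Added example, not part of the sandbox report. Hash values below are
transcribed from the report; function names are this example's own.
"""
import hashlib
import re
import sys

# Hash table transcribed from the report (outer container and inner payload).
REPORT = {
    "6f30ce2977255c6ea441762f55a5503d.bin": {
        "md5": "8155635bab6d28f7c117c425802f8f7f",
        "sha1": "9a28b62bde2fc073d7bbed2da3aff91119c04ee7",
        "sha256": "8d8e0b2723711c984a63a85ab2b87f7460ae000bf5e6474ff7d6bd085a94c8c0",
        "sha512": "66f57fd1f403b075918dd1fa49708e82bc59037bb5a7d5564eea771f1dce0910"
                  "cd0c173c5c01504a25711f827b736c165a782c3d45627a9a04b2e38d00bcf94f",
    },
    "e3c530a8f37ef3b74788e33c2483ef02b54009a89f981959b0619fab7462afc8.exe": {
        "md5": "6f30ce2977255c6ea441762f55a5503d",
        "sha1": "dd74130e250d168ff2c0503d49dda1e1a1ed4a65",
        "sha256": "e3c530a8f37ef3b74788e33c2483ef02b54009a89f981959b0619fab7462afc8",
        "sha512": "8640e3c6aee7029b3f0c57d1838ef0d35f7a63a85d7c4a626f201bcc36643b5f"
                  "074cc1380b65483adc3ba720dbfa182659be2968a27ecf82771528c4af8074da",
    },
}

# Hex digest length for each algorithm; used to catch truncated/garbled copies.
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def digest_bytes(data):
    """Return {alg: hex digest} for in-memory bytes (used for small inputs and tests)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in DIGEST_LEN}


def digest_file(path, chunk_size=1 << 20):
    """Stream a file through all four hash algorithms at once, 1 MiB at a time."""
    hashers = {alg: hashlib.new(alg) for alg in DIGEST_LEN}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def validate_report(report):
    """Return a list of (name, alg, reason) for every hash that is not well-formed hex
    of the expected length. An empty list means the table is internally consistent."""
    problems = []
    for name, hashes in report.items():
        for alg, expected_len in DIGEST_LEN.items():
            value = hashes.get(alg, "")
            if len(value) != expected_len:
                problems.append((name, alg, "wrong length %d" % len(value)))
            elif not re.fullmatch(r"[0-9a-f]+", value):
                problems.append((name, alg, "non-hex characters"))
    return problems


def lookup(digests, report=REPORT):
    """Match on SHA-256, then report any other algorithm that disagrees.
    Returns (artifact name, [disagreeing algorithms]) or None if nothing matches."""
    for name, hashes in report.items():
        if digests.get("sha256") == hashes["sha256"]:
            mismatches = [alg for alg in ("md5", "sha1", "sha512")
                          if alg in digests and digests[alg] != hashes[alg]]
            return name, mismatches
    return None


def container_named_after_payload_md5(report=REPORT):
    """True if the outer .bin's filename stem equals the inner .exe's MD5,
    i.e. the report's container/payload linkage is consistent."""
    bins = [n for n in report if n.endswith(".bin")]
    exes = [n for n in report if n.endswith(".exe")]
    return bool(bins and exes) and bins[0][:-4] == report[exes[0]]["md5"]


def main(argv):
    # Usage: python ioc_check.py <file> [<file> ...]
    for path in argv[1:]:
        result = lookup(digest_file(path))
        if result is None:
            print("%s: no match against report hashes" % path)
        else:
            name, mismatches = result
            verdict = "all four hashes agree" if not mismatches else \
                "SHA-256 matches but %s disagree (check transcription)" % ", ".join(mismatches)
            print("%s: matches %s (%s)" % (path, name, verdict))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Matching on SHA-256 and only then comparing the remaining algorithms is deliberate: MD5 and SHA-1 are kept in the table because other feeds still key on them, but a disagreement there after a SHA-256 hit tells you the table was mis-copied, not that you have a different file.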
MITRE ATT&CK Enterprise v6

Tasks