Overview

overview

10

Static

static

3

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    tmp

  • Size

    434KB

  • Sample

    230702-pcqsdace6y

  • MD5

    813348aad9403a44eceff45d57889456

  • SHA1

    1f6dfb5131171b0a691673e93c359a6b39f8a602

  • SHA256

    1385238544c6b990a0a3b9a6d36fe0569ff25e2406acf472134bc637931a2869

  • SHA512

    7fa2e6068e06035e3aa8f823d86d9691ffb5104494e78f9ae265f8fbaaaa3db22e81ba226b5cb01cec66a97fddf0de116759a232ea09c60ada7d2db79956b8a5

  • SSDEEP

    6144:izL6Lv4jxi5QPoM3S8Gqa7g2OVO/IFKupE7uoB9Csx91I+N+hiTfQ1mFq:qGLvjQlGqK20uGLCsZ3NXv

Score
10/10
rhadamanthyscollectionstealer

Malware Config

Targets

    • Target

      tmp

    • Size

      434KB

    • MD5

      813348aad9403a44eceff45d57889456

    • SHA1

      1f6dfb5131171b0a691673e93c359a6b39f8a602

    • SHA256

      1385238544c6b990a0a3b9a6d36fe0569ff25e2406acf472134bc637931a2869

    • SHA512

      7fa2e6068e06035e3aa8f823d86d9691ffb5104494e78f9ae265f8fbaaaa3db22e81ba226b5cb01cec66a97fddf0de116759a232ea09c60ada7d2db79956b8a5

    • SSDEEP

      6144:izL6Lv4jxi5QPoM3S8Gqa7g2OVO/IFKupE7uoB9Csx91I+N+hiTfQ1mFq:qGLvjQlGqK20uGLCsZ3NXv

    Score
    10/10
    rhadamanthyscollectionstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks