Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb9295be3b011faf14a3e3d382a24eb47cf8877f3fcbf2bbc598c92cf3a48181

  • Size

    1.4MB

  • Sample

    230713-y7r4csbh61

  • MD5

    fa6ec356a90ef16403ad579d87b05ee5

  • SHA1

    5a3495958104ab9784083fc2df2010a47abeea62

  • SHA256

    fb9295be3b011faf14a3e3d382a24eb47cf8877f3fcbf2bbc598c92cf3a48181

  • SHA512

    2997829f3fb29f0e62d5e30a9915ab7cd9f48fed161ec36fd6a3ee44745e0662e47c3acd625610f8837d6114b1007818518d2ec1c714824023020d3ec6e78e52

  • SSDEEP

    24576:Yky3+X6hglz/V6qDgwTnElepnsH/lRM+8rWai3ryfgss7bDfFjoVySw:83zhglzdfBCepnsflRIrWaiRl9k

Score
10/10
rhadamanthyspersistencestealer

Malware Config

Targets

    • Target

      fb9295be3b011faf14a3e3d382a24eb47cf8877f3fcbf2bbc598c92cf3a48181

    • Size

      1.4MB

    • MD5

      fa6ec356a90ef16403ad579d87b05ee5

    • SHA1

      5a3495958104ab9784083fc2df2010a47abeea62

    • SHA256

      fb9295be3b011faf14a3e3d382a24eb47cf8877f3fcbf2bbc598c92cf3a48181

    • SHA512

      2997829f3fb29f0e62d5e30a9915ab7cd9f48fed161ec36fd6a3ee44745e0662e47c3acd625610f8837d6114b1007818518d2ec1c714824023020d3ec6e78e52

    • SSDEEP

      24576:Yky3+X6hglz/V6qDgwTnElepnsH/lRM+8rWai3ryfgss7bDfFjoVySw:83zhglzdfBCepnsflRIrWaiRl9k

    Score
    10/10
    rhadamanthyspersistencestealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks