Overview

overview

10

Static

static

1

Fattura di 1800.exe

windows7-x64

1

Fattura di 1800.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Fattura di 1800.exe

  • Size

    245.9MB

  • Sample

    230714-mzkhrsdc58

  • MD5

    2fe7edd2acb9faa9706425cd07a89bb7

  • SHA1

    591f19611d09274428da9a149dd5d07ceff4f233

  • SHA256

    586f9cae48e4c3b938b98e7e8145bd84c00a6c4dad2940bbd54bfe76b3b8ac2a

  • SHA512

    9e11ffb75e8a85434382e907c5cea89a7ea98cedc7efdcc83688de4407f8fbb75182fa50ad5d833b76fd33eab4bcd7a00d2db9db69edb9fe120cf5086935b1c4

  • SSDEEP

    49152:XZRP5u6EihWcWMcpGcoyvaRV/csji8ur7SXTlXOBrffXxBrCj50vl:MshcdYVxmBr7SXTkBTvxBWe

Score
10/10
rhadamanthyscollectionstealer

Malware Config

Targets

    • Target

      Fattura di 1800.exe

    • Size

      245.9MB

    • MD5

      2fe7edd2acb9faa9706425cd07a89bb7

    • SHA1

      591f19611d09274428da9a149dd5d07ceff4f233

    • SHA256

      586f9cae48e4c3b938b98e7e8145bd84c00a6c4dad2940bbd54bfe76b3b8ac2a

    • SHA512

      9e11ffb75e8a85434382e907c5cea89a7ea98cedc7efdcc83688de4407f8fbb75182fa50ad5d833b76fd33eab4bcd7a00d2db9db69edb9fe120cf5086935b1c4

    • SSDEEP

      49152:XZRP5u6EihWcWMcpGcoyvaRV/csji8ur7SXTlXOBrffXxBrCj50vl:MshcdYVxmBr7SXTkBTvxBWe

    Score
    10/10
    rhadamanthyscollectionstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks