Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    15-07-2023 05:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4e993c98839d5adf3246ee13f4d60f6166d028fcf6f8ec05137e5c2a1c5942cd.exe

  • Size

    374KB

  • MD5

    967775fbefc77938a36ef45c7deabccb

  • SHA1

    eb1bc33881ebaa4a47abbb2a9e4d3cbfd98a5b91

  • SHA256

    4e993c98839d5adf3246ee13f4d60f6166d028fcf6f8ec05137e5c2a1c5942cd

  • SHA512

    3d14fd1ac1af2b9646ed6dd46e57f27971a5368d7e9c766cee77ef17482333ca9d53570945f98edb436c58e9399ccb19816d89c4b2c1732c5bfd18d3d457bbd3

  • SSDEEP

    6144:d1LpxvA1F4D1BTjwypbU4YNWqfuUjxJFuDxBRdg9WIIg+xP0l7Ea/0:7deUBI6UtfuUjADJdjgoP0ea8

Score
10/10
rhadamanthysstealer

Malware Config

Signatures

  • Detect rhadamanthys stealer shellcode 5 IoCs
  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3176
      • C:\Users\Admin\AppData\Local\Temp\4e993c98839d5adf3246ee13f4d60f6166d028fcf6f8ec05137e5c2a1c5942cd.exe
        "C:\Users\Admin\AppData\Local\Temp\4e993c98839d5adf3246ee13f4d60f6166d028fcf6f8ec05137e5c2a1c5942cd.exe"
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2128
      • C:\Windows\system32\certreq.exe
        "C:\Windows\system32\certreq.exe"
        2⤵
          PID:4856

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2128-127-0x00000000026C0000-0x0000000002AC0000-memory.dmp

        Filesize

        4.0MB

        Download

      • memory/2128-122-0x00000000007D0000-0x00000000008D0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/2128-124-0x0000000000400000-0x0000000000517000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/2128-125-0x0000000000620000-0x0000000000627000-memory.dmp

        Filesize

        28KB

        Download

      • memory/2128-126-0x00000000026C0000-0x0000000002AC0000-memory.dmp

        Filesize

        4.0MB

        Download

      • memory/2128-128-0x00000000026C0000-0x0000000002AC0000-memory.dmp

        Filesize

        4.0MB

        Download

      • memory/2128-123-0x0000000002070000-0x00000000020E1000-memory.dmp

        Filesize

        452KB

        Download

      • memory/2128-129-0x00000000026C0000-0x0000000002AC0000-memory.dmp

        Filesize

        4.0MB

        Download

      • memory/2128-142-0x00000000026C0000-0x0000000002AC0000-memory.dmp

        Filesize

        4.0MB

        Download

      • memory/2128-131-0x00000000007D0000-0x00000000008D0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/2128-130-0x0000000000400000-0x0000000000517000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/2128-135-0x0000000002070000-0x00000000020E1000-memory.dmp

        Filesize

        452KB

        Download

      • memory/2128-136-0x00000000024E0000-0x0000000002516000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4856-132-0x0000021657590000-0x0000021657593000-memory.dmp

        Filesize

        12KB

        Download