rhadamanthys | 257f4f173d326f1d6434afc11fa462d4b861e0ad078173f1642e02c7318255af | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-1703-x64

Sharing

General

Target

257f4f173d326f1d6434afc11fa462d4b861e0ad078173f1642e02c7318255af
Size

3.4MB
Sample

230716-k2q28adf55
MD5

09ab5b40d8ea72b0fc02000284e22169
SHA1

5afe7d2fc292f9db5108ca422bd335644fadf974
SHA256

257f4f173d326f1d6434afc11fa462d4b861e0ad078173f1642e02c7318255af
SHA512

2281ef62c309862f969c0319a42ffd39fbd0ef2ac2d60aac1576d1a7475198b5591221d8f09cf0d365a78303a79b4c6f7e3bd71a9da6913107d536087d71390d
SSDEEP

98304:QaweQ/fMnA/uuR6NSfxSVFBq0TjgAgxdj2zAqg0VYu6T:QzPSA/uKO/TI12zAMwT

Score

10^/10

rhadamanthys collection stealer vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

257f4f173d326f1d6434afc11fa462d4b861e0ad078173f1642e02c7318255af.exe

Resource

win10-20230703-en

rhadamanthys collection stealer vmprotect

windows10-1703-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  257f4f173d326f1d6434afc11fa462d4b861e0ad078173f1642e02c7318255af
- Size
  
  3.4MB
- MD5
  
  09ab5b40d8ea72b0fc02000284e22169
- SHA1
  
  5afe7d2fc292f9db5108ca422bd335644fadf974
- SHA256
  
  257f4f173d326f1d6434afc11fa462d4b861e0ad078173f1642e02c7318255af
- SHA512
  
  2281ef62c309862f969c0319a42ffd39fbd0ef2ac2d60aac1576d1a7475198b5591221d8f09cf0d365a78303a79b4c6f7e3bd71a9da6913107d536087d71390d
- SSDEEP
  
  98304:QaweQ/fMnA/uuR6NSfxSVFBq0TjgAgxdj2zAqg0VYu6T:QzPSA/uKO/TI12zAMwT
Score

10^/10

rhadamanthys collection stealer vmprotect
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthyscollectionstealervmprotect

© 2018-2025

Terms | Privacy