General

  • Target

    74a434ab27dee2234cc149fa8d34c6d5af5beaa0060ffad7523fde8ec923f983

  • Size

    495KB

  • Sample

    230807-gntpeadh35

  • MD5

    4c224ad23e402d58bbd23023bf883dc0

  • SHA1

    67cbaf4b24ccf90ca845626d1ed97831ef0dd55b

  • SHA256

    74a434ab27dee2234cc149fa8d34c6d5af5beaa0060ffad7523fde8ec923f983

  • SHA512

    5aad2b848d6098c8cdbf58ce115ac832826e82f803aaaca5625197c445d3849f6cb256aaeeebed4bd3a5b0db92f0f957ee5de79312f4fc4b9769f8deae0b5766

  • SSDEEP

    12288:hwp22VqKfpoJfgq+mugd256TJzxpQodc5X:hwp26PfOJfgbmBT5c5

Malware Config

Extracted

  • Family

    systembc

  • C2

    discordcdn8839248.com:4327

    chinabar821994.com:4327
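As an added example (not part of the sandbox report, nor code from the SystemBC or Rhadamanthys analyses it references), the following Python turns the report's indicators into a small detection check: it flags connections to either C2 domain, rating them higher when the destination port is also 4327, and verifies a file's digests against the listed MD5/SHA1/SHA256. The connection-log lines and their whitespace-separated field layout are constructed for illustration; only the domains, port and hashes come from the report.

```python
"""Match the IOCs from the sandbox report above against constructed log lines."""
import hashlib
from typing import Dict, List, Optional

# IOCs copied from the report (SystemBC config and General section).
C2_HOSTS = {"discordcdn8839248.com", "chinabar821994.com"}
C2_PORT = 4327
SAMPLE_HASHES = {
    "md5": "4c224ad23e402d58bbd23023bf883dc0",
    "sha1": "67cbaf4b24ccf90ca845626d1ed97831ef0dd55b",
    "sha256": "74a434ab27dee2234cc149fa8d34c6d5af5beaa0060ffad7523fde8ec923f983",
}

# Constructed connection log (not real traffic). Assumed layout:
#   timestamp src_ip dst_host dst_port proto
CONN_LOG = """\
2023-08-07T10:01:02Z 10.0.0.5 www.example.org 443 tcp
2023-08-07T10:01:05Z 10.0.0.5 discordcdn8839248.com 4327 tcp
2023-08-07T10:01:09Z 10.0.0.7 chinabar821994.com 443 tcp
2023-08-07T10:02:11Z 10.0.0.9 cdn.CHINABAR821994.com. 4327 tcp
2023-08-07T10:03:40Z 10.0.0.9 update.example.net 4327 tcp
"""


def c2_domain_match(host: str) -> Optional[str]:
    """Return the C2 domain that host equals or is a subdomain of, else None.

    Comparison is case-insensitive and ignores a trailing dot, so
    'cdn.CHINABAR821994.com.' still matches 'chinabar821994.com'.
    A look-alike such as 'evil-chinabar821994.com' does not match.
    """
    h = host.rstrip(".").lower()
    for c2 in C2_HOSTS:
        if h == c2 or h.endswith("." + c2):
            return c2
    return None


def classify_connection(host: str, port: int) -> Optional[str]:
    """Severity of one connection against the extracted SystemBC config.

    host and port both match -> 'c2_beacon' (high confidence)
    host matches, other port -> 'c2_domain' (still worth an alert)
    only the port matches    -> None: 4327 on its own is not an indicator
    """
    if c2_domain_match(host) is None:
        return None
    return "c2_beacon" if port == C2_PORT else "c2_domain"


def match_conn_lines(text: str) -> List[Dict[str, object]]:
    """Scan conn-log lines in the assumed layout and return C2 hits in order."""
    hits: List[Dict[str, object]] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip blank or malformed lines instead of crashing
        ts, src, host, port, _proto = fields[:5]
        try:
            port_num = int(port)
        except ValueError:
            continue
        severity = classify_connection(host, port_num)
        if severity:
            hits.append({"ts": ts, "src": src, "host": c2_domain_match(host),
                         "port": port_num, "severity": severity})
    return hits


def file_hashes(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256 of a byte string as lower-case hex, like the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_known_hash(observed: Dict[str, str]) -> bool:
    """True if any observed digest equals the report's value for that algorithm."""
    for algo, value in observed.items():
        known = SAMPLE_HASHES.get(algo.lower())
        if known and value.strip().lower() == known:
            return True
    return False


def is_known_sample(data: bytes) -> bool:
    """Hash file contents and compare; any change to the file breaks the match."""
    return matches_known_hash(file_hashes(data))


if __name__ == "__main__":
    for hit in match_conn_lines(CONN_LOG):
        print(hit)
    print("known sample:", is_known_sample(b"not the sample"))
```

Hash matching is exact by design: a repacked or patched build of the same family will not hit, which is why the domain and port indicators are kept alongside it. Matching the port alone is deliberately not an alert, since 4327 is an arbitrary high port that legitimate software may also use.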

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      A process was created through NtCreateUserProcess with a parent other than the calling process (parent PID spoofing), which hides the true parent from process-tree based detection.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Deletes itself

    • Executes dropped EXE
