General

  • Target

    tmp

  • Size

    456KB

  • Sample

    230811-fy4rpada7z

  • MD5

    5c805d4466345b26b820ff887eab561a

  • SHA1

    478d40e07351d59b7854c9b4140b3592ff19c841

  • SHA256

    112f7af149d6833b954c301582d2b3178833724a12e86b0162a69000192cbff2

  • SHA512

    d3656925bb6c1776f6b8ca5592d527e4f77d5ade621c715bed5042ac4a2e1a9344febb73eb927b7fb1ba4511488da1062e01c470326bf28e0a4d671b830f3502

  • SSDEEP

    12288:ItjtEVJvfW1kGh0ZbIfl6dtcj4BtRt6D2cehTAI:I7EV4io5jet5fhMI

Malware Config (extracted from the sample)

  • Family

    systembc

  • C2

    discordcdn8839248.com:4327
    chinabar821994.com:4327
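The indicators above (the file hashes and the two SystemBC C2 endpoints) are what a responder actually consumes from a report like this. The following Python is an added example, not part of the sandbox report, showing how to turn them into two checks: confirming that a file on disk is the sample described here, and scanning proxy/firewall log lines for connections to the extracted C2 host:port pairs. The log format and the log lines are constructed for the example; only the hash values and C2 endpoints come from the page.

```python
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the report above. Everything else in this block
# (log format, log lines, helper names) is constructed for the example.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "5c805d4466345b26b820ff887eab561a",
    "sha1": "478d40e07351d59b7854c9b4140b3592ff19c841",
    "sha256": "112f7af149d6833b954c301582d2b3178833724a12e86b0162a69000192cbff2",
}

# SystemBC C2 endpoints from the extracted config, as (host, port) pairs.
C2_ENDPOINTS = {
    ("discordcdn8839248.com", 4327),
    ("chinabar821994.com", 4327),
}


def hash_bytes(data: bytes, algos=("md5", "sha1", "sha256")) -> Dict[str, str]:
    """Hash an in-memory buffer with every algorithm in `algos`."""
    return {a: hashlib.new(a, data).hexdigest() for a in algos}


def hash_file(path: str, algos=("md5", "sha1", "sha256"), chunk: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in one pass, feeding every hasher from the same read."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def hashes_match(observed: Dict[str, str], expected: Dict[str, str] = SAMPLE_HASHES) -> bool:
    """True only if at least one algorithm is shared and every shared one agrees.

    An empty intersection returns False rather than True, so a caller that
    computed only SHA512 (which this table does not cover) cannot get a
    silent "match".
    """
    common = set(observed) & set(expected)
    return bool(common) and all(observed[a].lower() == expected[a].lower() for a in common)


# Constructed log format: "<timestamp> <src>:<sport> -> <dst>:<dport> <action>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+):(?P<sport>\d+)\s*->\s*(?P<dst>[^:\s]+):(?P<dport>\d+)"
)

# Constructed sample lines; only the two lines on port 4327 should hit.
CONSTRUCTED_LOGS: List[str] = [
    "2023-08-11T14:02:17Z 10.0.0.23:51234 -> discordcdn8839248.com:4327 ALLOW",
    "2023-08-11T14:02:18Z 10.0.0.23:51235 -> cdn.discordapp.com:443 ALLOW",
    "2023-08-11T14:03:40Z 10.0.0.31:49881 -> chinabar821994.com:4327 DENY",
    "2023-08-11T14:03:41Z 10.0.0.31:49882 -> chinabar821994.com:443 ALLOW",
]


def find_c2_hits(lines: Iterable[str], endpoints=C2_ENDPOINTS) -> List[Tuple[str, str, str, int]]:
    """Return (timestamp, source, host, port) for every line that reached a C2 endpoint.

    Host and port are matched together, because the SystemBC config pins
    both; a DENY line still counts, since the source host tried to beacon.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        dst = m.group("dst").lower().rstrip(".")
        dport = int(m.group("dport"))
        if (dst, dport) in endpoints:
            hits.append((m.group("ts"), m.group("src"), dst, dport))
    return hits


if __name__ == "__main__":
    for hit in find_c2_hits(CONSTRUCTED_LOGS):
        print("C2 contact:", hit)
    # A file that is not the sample must not match the report's hashes.
    print("matches sample:", hashes_match(hash_bytes(b"not the sample")))
```

Run `hash_file("<path>")` on a quarantined copy and pass the result to `hashes_match` before treating the rest of this report as applying to it; the SSDEEP value above is deliberately not checked here because fuzzy-hash comparison needs the ssdeep library and a similarity threshold, not equality.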

Targets

    • Target

      tmp

    • Size

      456KB

    • MD5

      5c805d4466345b26b820ff887eab561a

    • SHA1

      478d40e07351d59b7854c9b4140b3592ff19c841

    • SHA256

      112f7af149d6833b954c301582d2b3178833724a12e86b0162a69000192cbff2

    • SHA512

      d3656925bb6c1776f6b8ca5592d527e4f77d5ade621c715bed5042ac4a2e1a9344febb73eb927b7fb1ba4511488da1062e01c470326bf28e0a4d671b830f3502

    • SSDEEP

      12288:ItjtEVJvfW1kGh0ZbIfl6dtcj4BtRt6D2cehTAI:I7EV4io5jet5fhMI

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • SystemBC

      SystemBC is a proxy and remote administration tool, first seen in 2019.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
