Overview

overview

10

Static

static

3

buildcreate.exe

windows7-x64

10

buildcreate.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    buildcreate.exe

  • Size

    916KB

  • Sample

    230918-nbz4zsgh4s

  • MD5

    015f3b383e71a5e9c497bc04723ce7ac

  • SHA1

    f2bd3a71e07524db00b657731db1e8326bc505e8

  • SHA256

    28cfcf483bbe8d2325b9d5b837379d803207d21bfaccde025d5543fc895815a6

  • SHA512

    807390c15267d5d82e3838ad4c399d67d40636078aef82b6e8617868ba1ca58ecc8218dd5841b0672383aad71931854ddbf6cd3574c6be389631549fb6a10d75

  • SSDEEP

    24576:Cgj9azxeqTtcA9U8CY9whhbHHxDeqk9eEzjGGFQjc:Ta1N2A96hRleq1EzjGGFl

Score
10/10
rhadamanthyscollectionpersistencestealer

Malware Config

Targets

    • Target

      buildcreate.exe

    • Size

      916KB

    • MD5

      015f3b383e71a5e9c497bc04723ce7ac

    • SHA1

      f2bd3a71e07524db00b657731db1e8326bc505e8

    • SHA256

      28cfcf483bbe8d2325b9d5b837379d803207d21bfaccde025d5543fc895815a6

    • SHA512

      807390c15267d5d82e3838ad4c399d67d40636078aef82b6e8617868ba1ca58ecc8218dd5841b0672383aad71931854ddbf6cd3574c6be389631549fb6a10d75

    • SSDEEP

      24576:Cgj9azxeqTtcA9U8CY9whhbHHxDeqk9eEzjGGFQjc:Ta1N2A96hRleq1EzjGGFl

    Score
    10/10
    rhadamanthyscollectionpersistencestealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks