Overview

overview

10

Static

static

3

pondero8.exe

windows10-1703-x64

10

pondero8.exe

windows10-2004-x64

10

pondero8.exe

windows11-21h2-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    pondero8.7z

  • Size

    1.4MB

  • Sample

    231219-qthnrseebm

  • MD5

    aff2cafa39ad1699ffb14eef6b4f69aa

  • SHA1

    8360bad604738c6464f157aa99de77a021278a53

  • SHA256

    a94d36bfa1fa72bce861959d5405cde0bce72b706e1623739bee92a1b8cd99e3

  • SHA512

    8ebf74d8c94448f047cc6df5176fb2d36fbcee30454da0a8aa9229e2c01ccb9bf3ee5b3509c859097a02f5e057e0d2471152d5a6a7136ddf3351bd0ca3261271

  • SSDEEP

    24576:DNbZTaBUuH4e9OwKqXD/IVhyHiJAtUX/PfGzMMjVLMvwJsLat:DNBaBnYeBnIV4iJAtUX/PfGrjVawJH

Score
10/10
rhadamanthysstealer

Malware Config

Targets

    • Target

      pondero8.exe

    • Size

      720.8MB

    • MD5

      46a4bd84f99e99ed1db69e7c61e7cfcd

    • SHA1

      71c6fcd9212c1f7b8361abf648395624fe1ce02f

    • SHA256

      ae03b3c651101b53d4a8e6fae6d3cf4e1c897e185040af6e3c46696def47b9f5

    • SHA512

      85e6e323b43cb7bf61d5634f2949d58ac2df36860d6e7d15b5bbcefbcd0c0b6426fe4d0befa772fecf8c3109966e5e7670b7215f7ae1a3199c850abb2b093b83

    • SSDEEP

      49152:eAhNuNS9Nd64LJuQsBEhiZQSpd5fRP+RkKgF5ZzxQJmFt/KfTRbEP3EApR:e4T8Hio9+6zGoEY

    Score
    10/10
    rhadamanthysstealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks