General

  • Target

    16748566fc9e297fa08b4433fadeafdd63c1527fad4cac0cf8df287df56088d1

  • Size

    1.2MB

  • Sample

    240108-fe5jwabcen

  • MD5

    1b728c6e8f10313d7367c82e48d022da

  • SHA1

    192a6598214c1a9d19717f18e271a4360eb38b44

  • SHA256

    16748566fc9e297fa08b4433fadeafdd63c1527fad4cac0cf8df287df56088d1

  • SHA512

    3bf139a04d28a6858ec8c697f3387c613844d0628ad42725d21274a3574937482da2bc921944d34b4b7e1d91f4821e328cf2668ad768a52cb2c63c15b136d258

  • SSDEEP

    24576:1D3s67Twbc8NIdi9SePHdvwtlTWlTnF6hcz5+ntmgTUji:RX7Tdosepwr4TnF6hYEtp

Score
10/10

Malware Config

Targets

    • Target

      16748566fc9e297fa08b4433fadeafdd63c1527fad4cac0cf8df287df56088d1

    • Size

      1.2MB

    • MD5

      1b728c6e8f10313d7367c82e48d022da

    • SHA1

      192a6598214c1a9d19717f18e271a4360eb38b44

    • SHA256

      16748566fc9e297fa08b4433fadeafdd63c1527fad4cac0cf8df287df56088d1

    • SHA512

      3bf139a04d28a6858ec8c697f3387c613844d0628ad42725d21274a3574937482da2bc921944d34b4b7e1d91f4821e328cf2668ad768a52cb2c63c15b136d258

    • SSDEEP

      24576:1D3s67Twbc8NIdi9SePHdvwtlTWlTnF6hcz5+ntmgTUji:RX7Tdosepwr4TnF6hYEtp

    Score
    10/10
    • Detects DLL dropped by Raspberry Robin.

      Raspberry Robin.

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

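The four behavioural signatures above are the kind of thing a sandbox derives mechanically from its API and file-system trace: a file written by the sample tree and later executed or mapped, a process whose recorded parent differs from the process that actually called NtCreateUserProcess (PPID spoofing), and SetThreadContext aimed at a thread in another process (the usual tell of process hollowing). The script below re-derives those signatures from a constructed, Sysmon-style event list. It is an added example, not the sandbox's own rules and not output from this sample; the event schema, the pids, and the paths are all assumptions made for illustration.

```python
"""
Re-derive the report's behavioural signatures from a constructed event
stream.  Added example: event format, process tree and paths are
assumptions, not taken from the sandbox report.
"""
from collections import defaultdict

# Constructed sample events (not real sandbox output).  pid 100 is the
# submitted sample; pid 1 stands in for explorer.exe.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 100, "parent_pid": 1, "caller_pid": 1,
     "image": r"C:\Users\u\sample.exe"},
    {"type": "file_write", "pid": 100,
     "path": r"C:\Users\u\AppData\Local\Temp\stage2.dll"},
    {"type": "file_write", "pid": 100,
     "path": r"C:\Users\u\AppData\Local\Temp\loader.exe"},
    {"type": "image_load", "pid": 100,
     "path": r"C:\Users\u\AppData\Local\Temp\stage2.dll"},
    # loader.exe was created by pid 100, but the new process is registered
    # under pid 1 as its parent: the PPID-spoofing pattern.
    {"type": "process_create", "pid": 200, "parent_pid": 1, "caller_pid": 100,
     "image": r"C:\Users\u\AppData\Local\Temp\loader.exe"},
    # SetThreadContext on a thread in another process (hollowing-style)
    {"type": "api", "pid": 200, "api": "SetThreadContext", "target_pid": 300},
    # SetThreadContext on its own thread: not flagged (debuggers do this)
    {"type": "api", "pid": 200, "api": "SetThreadContext", "target_pid": 200},
    # A system DLL the sample did not write: not a "dropped" load
    {"type": "image_load", "pid": 100, "path": r"C:\Windows\System32\kernel32.dll"},
    # A write by a process outside the sample tree is ignored
    {"type": "file_write", "pid": 999, "path": r"C:\Temp\unrelated.exe"},
    {"type": "process_create", "pid": 400, "parent_pid": 999, "caller_pid": 999,
     "image": r"C:\Temp\unrelated.exe"},
]


def analyse(events, root_pid=100):
    """Return {signature_name: [evidence, ...]} for the event stream.

    Only files written by a process in the sample's process tree count as
    "dropped"; the tree is grown from root_pid as child processes appear.
    """
    tree = {root_pid}
    dropped = {}                   # lower-cased path -> writing pid
    hits = defaultdict(list)

    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            if ev["pid"] in tree:
                dropped[ev["path"].lower()] = ev["pid"]

        elif kind == "process_create":
            # A process is in the tree if the process that really created it
            # (caller_pid) is, regardless of the parent it was registered under.
            if ev["caller_pid"] in tree:
                tree.add(ev["pid"])
                if ev["image"].lower() in dropped:
                    hits["Executes dropped EXE"].append(ev["image"])
                if ev["caller_pid"] != ev["parent_pid"]:
                    hits["Suspicious use of NtCreateUserProcessOtherParentProcess"] \
                        .append((ev["pid"], ev["caller_pid"], ev["parent_pid"]))

        elif kind == "image_load":
            if ev["pid"] in tree and ev["path"].lower() in dropped:
                hits["Loads dropped DLL"].append(ev["path"])

        elif kind == "api" and ev["api"] == "SetThreadContext":
            if ev["pid"] in tree and ev["target_pid"] != ev["pid"]:
                hits["Suspicious use of SetThreadContext"] \
                    .append((ev["pid"], ev["target_pid"]))

    return dict(hits)


if __name__ == "__main__":
    for name, evidence in analyse(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

The tree-membership check is what keeps the two "unrelated" events out of the result: a sandbox reports "dropped" only for files the sample's own tree wrote, and a spoofed parent is detected from the calling process, which the API trace records even when the parent handle passed to NtCreateUserProcess points elsewhere.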
MITRE ATT&CK Enterprise v15

Tasks