General

  • Target

    c97aa2240452b4c1db4ccfbfc783c95d6b47309d5bd389675864d0fc3541b93a.exe

  • Size

    2.3MB

  • Sample

    240207-1gdt6aba67

  • MD5

    ffd6c86af20c38cccffcd9b0e15ece4c

  • SHA1

    6f7e99a0d8fff2b7191468dfac2c51c2fba5cd52

  • SHA256

    c97aa2240452b4c1db4ccfbfc783c95d6b47309d5bd389675864d0fc3541b93a

  • SHA512

    eae55c69e951a9cd4a4f2dabf6aba2e0a61a9251733156bbb25bc2b47fcea27e9d7ea92c349345b2ab06407cd64dd828d147fd06bdd053bd5938cf85120f7bb4

  • SSDEEP

    24576:usP9hehe+N0gOaDSKvzL3+gTFDrZ7FB1gGU47aU7hR9g4Fw1aAanY9517v7Wy4dv:14hGKfp9gWJR3cP517zWn6n3B9jYxLrp

Score
10/10

Malware Config

Targets

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks