General

  • Target

    23564984

  • Size

    70KB

  • Sample

    240212-x6abgscg88

  • MD5

    3d89cbe9713713fc038093637a602b29

  • SHA1

    cedd51d531784fd158783d94e4a003b03f838d71

  • SHA256

    187fa58d15a59f20c752a75a4cf76e3e8437da5a1d48acdb343392c692a73067

  • SHA512

    0572b10f472130d9ee6a3fd121d2e59848e123b84b5916352e42f63511521fb4cd34a12d484718045c9c421e76a9ec95cd3007ec4a4210f9e6ea3eb6c7e58fb6

  • SSDEEP

    1536:R5JC7UPpyY3TE82Fp5CVJXRP3qOm7yFeKGMzGslhYUWNQRpI2ti5Oz:R58ARIqo2tiEz
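
The hashes above are the only reliable way to confirm that a file recovered from a host is the same sample this report describes. The following script is an added example and is not part of the sandbox report; it embeds the report's MD5/SHA1/SHA256/SHA512 values, streams a file through all four hashers in one pass, and reports per-algorithm verdicts so that a partial match (one digest equal, the others not) is surfaced rather than hidden. The `STAND_IN` bytes are constructed for the demo and are not the sample. SSDEEP is not computed here because it needs an external library (for example the `ssdeep` or `ppdeep` package); compare that value with the tool that produced it.

```python
"""Verify a file against the hashes published in this report (added example)."""
import hashlib

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "3d89cbe9713713fc038093637a602b29",
    "sha1": "cedd51d531784fd158783d94e4a003b03f838d71",
    "sha256": "187fa58d15a59f20c752a75a4cf76e3e8437da5a1d48acdb343392c692a73067",
    "sha512": "0572b10f472130d9ee6a3fd121d2e59848e123b84b5916352e42f63511521fb4"
              "cd34a12d484718045c9c421e76a9ec95cd3007ec4a4210f9e6ea3eb6c7e58fb6",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> dict:
    """Return lowercase hex digests of an in-memory buffer for every listed algorithm."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all hashers at once, so large files are read only once."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def compare(digests: dict, report: dict = REPORT_HASHES) -> dict:
    """Compare computed digests with the report's values.

    Returns one boolean per algorithm plus an 'all_match' summary. A mixed
    result (e.g. MD5 equal, SHA256 different) is exactly the collision or
    tampering case a responder wants to see, so it is not collapsed.
    """
    verdicts = {alg: digests[alg].lower() == report[alg].lower() for alg in report}
    verdicts["all_match"] = all(verdicts.values())
    return verdicts


# Constructed stand-in buffer for the demo; this is NOT the malware sample.
STAND_IN = b"MZ\x90\x00 constructed stand-in, not the sample\n"

if __name__ == "__main__":
    # Usage against a real file: compare(digest_file("/path/to/23564984"))
    print(compare(digest_bytes(STAND_IN)))
```

Run `compare(digest_file("/path/to/suspect.bin"))` against the quarantined file; only an `all_match` of `True` ties it to this report. A file that matches MD5 but not SHA256 should be treated as a different artefact.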

Targets

    • Target

      23564984

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      A process was created with its parent set to a process other than the caller (parent PID spoofing, typically via the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS attribute), which hides the real process chain from tooling that trusts the reported parent.

    • UAC bypass

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Executes dropped EXE
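
Three of the behaviours listed above (the country-code registry lookup, the startup-folder drop and the execution of the dropped EXE) can be recognised from ordinary host telemetry. The following correlator is an added example, not part of the sandbox report: it runs over a handful of constructed, simplified Sysmon-like events and attributes each finding to the process responsible. The registry path is the standard Windows GeoID location (`HKCU\Control Panel\International\Geo\Nation`); that this is the key the "Checks computer location settings" signature refers to is an assumption, as are the file names and PIDs in the constructed events.

```python
"""Behaviour triage over constructed process/registry/file events (added example)."""
from collections import defaultdict

# Well-known location of the user's country (GeoID) setting; assumed to be the
# key behind the "Checks computer location settings" signature.
GEO_KEY = r"HKCU\Control Panel\International\Geo\Nation"
# Per-user Startup folder fragment; anything written here runs at logon.
STARTUP_MARKER = "\\Start Menu\\Programs\\Startup\\"

# Constructed events in a simplified Sysmon-like shape; names and PIDs are invented.
EVENTS = [
    {"type": "ProcessCreate", "pid": 1204, "ppid": 800,
     "image": r"C:\Users\a\Downloads\23564984.exe"},
    {"type": "RegistryRead", "pid": 1204, "key": GEO_KEY},
    {"type": "FileCreate", "pid": 1204,
     "path": r"C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"},
    {"type": "ProcessCreate", "pid": 1310, "ppid": 1204,
     "image": r"C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"},
    {"type": "ProcessCreate", "pid": 1400, "ppid": 800,
     "image": r"C:\Windows\System32\notepad.exe"},
]


def triage(events):
    """Return {pid: [finding, ...]} for processes showing the report's behaviours.

    Events are processed in order, so a FileCreate must precede the
    ProcessCreate of the same path for the 'executes dropped EXE' finding;
    that matches how the telemetry arrives on a live host.
    """
    findings = defaultdict(list)
    dropped = {}  # lowercase path -> pid that wrote it

    for ev in events:
        kind = ev["type"]
        if kind == "RegistryRead" and ev["key"].lower() == GEO_KEY.lower():
            findings[ev["pid"]].append("checks computer location settings: read " + GEO_KEY)
        elif kind == "FileCreate":
            path = ev["path"]
            dropped[path.lower()] = ev["pid"]
            if STARTUP_MARKER.lower() in path.lower():
                findings[ev["pid"]].append("drops startup file: " + path)
        elif kind == "ProcessCreate":
            image = ev["image"].lower()
            if image in dropped:
                # Attribute the execution to the dropper, not the new child.
                findings[dropped[image]].append(
                    f"executes dropped EXE: pid {ev['pid']} ran {ev['image']}")
    return dict(findings)


if __name__ == "__main__":
    for pid, hits in triage(EVENTS).items():
        print(pid)
        for hit in hits:
            print("  -", hit)
```

On real data, feed the correlator Sysmon Event ID 1 (process creation), 11 (file create) and 12/13 (registry) records mapped to the same three shapes; the unrelated `notepad.exe` event is there to show that benign processes produce no findings.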

MITRE ATT&CK Enterprise v15