Overview

overview

10

Static

static

1

FailureFlooring.exe

windows10-1703-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    FailureFlooring.exe

  • Size

    843KB

  • Sample

    240318-qmr9mahf95

  • MD5

    b5f0ed87c2bf4b9c7581dbbf3378391f

  • SHA1

    d28e1cbc90a683ff4c45c97df8a51a8a2e664c13

  • SHA256

    459a487f878041e1c2968d416ebe4fcf021a754c5538f979999294c998902a77

  • SHA512

    f22391155aefb84161734b629facb4f0aa66fde813e0bdc6e65db2e37747c598e5f4aa5d277dfd8ed97e8ad29139e019363ca65f4fff7dee12ba9bbfea1c75ce

  • SSDEEP

    24576:wNyEZMPlCqpblEMtLrKr3orESk42vyBSokMCId6:Qu9C+4r33S6yBKCQ

Score
10/10
rhadamanthysdiscoverystealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://185.209.30.112:9202/14d7b3a28e182c82e/a47lbhpe.urmtt

Targets

    • Target

      FailureFlooring.exe

    • Size

      843KB

    • MD5

      b5f0ed87c2bf4b9c7581dbbf3378391f

    • SHA1

      d28e1cbc90a683ff4c45c97df8a51a8a2e664c13

    • SHA256

      459a487f878041e1c2968d416ebe4fcf021a754c5538f979999294c998902a77

    • SHA512

      f22391155aefb84161734b629facb4f0aa66fde813e0bdc6e65db2e37747c598e5f4aa5d277dfd8ed97e8ad29139e019363ca65f4fff7dee12ba9bbfea1c75ce

    • SSDEEP

      24576:wNyEZMPlCqpblEMtLrKr3orESk42vyBSokMCId6:Qu9C+4r33S6yBKCQ

    Score
    10/10
    rhadamanthysdiscoverystealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Executes dropped EXE

    • Enumerates processes with tasklist

      discovery
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks