Overview

overview

10

Static

static

3

handala.exe

windows11-21h2-x64

10

$INTERNET_...ty.ps1

windows11-21h2-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    handala.exe

  • Size

    1.4MB

  • Sample

    240418-sy9n6agh58

  • MD5

    a8e9b718a677a5ed99e839190eff02bf

  • SHA1

    2d2fbd10629e44ca36397c160ba2a5b05bb49289

  • SHA256

    aae017e7a36e016655c91bd01b4f3c46309bbe540733f82cce29392e72e9bd1f

  • SHA512

    f4414ee9614f14ab4048b4aaaed15c0c877f7524ea011d062733e308c64ac41e2be8453ea90c6de031026c34c4de2f30fd42fb2d27480022927e4fe7727765df

  • SSDEEP

    24576:4b/pDYLjWqXDHdgTAb2sF+rwLFMp17kyByOa/8PhUWfo4ui0/7ARNpgYnmffqRk4:y/pgjrQck8FoJkyAaPh/A4uicERMogfc

Score
10/10
rhadamanthysstealer

Malware Config

Targets

    • Target

      handala.exe

    • Size

      1.4MB

    • MD5

      a8e9b718a677a5ed99e839190eff02bf

    • SHA1

      2d2fbd10629e44ca36397c160ba2a5b05bb49289

    • SHA256

      aae017e7a36e016655c91bd01b4f3c46309bbe540733f82cce29392e72e9bd1f

    • SHA512

      f4414ee9614f14ab4048b4aaaed15c0c877f7524ea011d062733e308c64ac41e2be8453ea90c6de031026c34c4de2f30fd42fb2d27480022927e4fe7727765df

    • SSDEEP

      24576:4b/pDYLjWqXDHdgTAb2sF+rwLFMp17kyByOa/8PhUWfo4ui0/7ARNpgYnmffqRk4:y/pgjrQck8FoJkyAaPh/A4uicERMogfc

    Score
    10/10
    rhadamanthysstealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1

    • Target

      $INTERNET_CACHE/Eligibility

    • Size

      257KB

    • MD5

      6b36bf21f99b77035256ee91c85c872c

    • SHA1

      f6c5da5338f85077a70307ba7a6a5cac2386d47d

    • SHA256

      fd8c0224fbe76dff9166409da8e6839f750a863aebc8e1ff92413edc20d014e1

    • SHA512

      43784293bd0cbc85ac4440e60853b518af83f6a370c1a142732be63d2df11eb45ede249386487bc2a88ff96f3279e3885efcaea31c4c1dc8e6e0acbd5a4d4a40

    • SSDEEP

      6144:NdeA1F1F14XCbvNvVv8/judq2aQt8CbqG7g2j:NuL/SddaHsx7dj

    Score
    1/10
    behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Process Discovery

1
T1057

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks