Overview

overview

10

Static

static

3

Notion_rel...64.exe

windows10-1703-x64

10

Notion_rel...64.exe

windows10-2004-x64

10

Notion_rel...64.exe

windows11-21h2-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Notion_release_x86_64.exe

  • Size

    17.2MB

  • Sample

    240427-ewv64aag82

  • MD5

    96beed43d005e1eb5110c2143fc7bb71

  • SHA1

    38fadf64fe8a3016e8f5675344fc8298c297c94a

  • SHA256

    b07634440fda0cc1b4cb4a3b6d7c56cb8125df750b4aced5bac1afdf28cf2591

  • SHA512

    2c7af001fd875aaebfd7ad4fd032ea876e7d69bca39c513e73a3c9899c8a65dce4dd6b522e50ed9610675eabe21324003a4dca428b06895af2c8c22f1038f4ad

  • SSDEEP

    196608:rkpXNzfl0sKYu/PaQtsI9iL4FMIZETSkjPePdrQJM93BMJg6x9iGvPoMut/X6e0x:efLQtsTQETSkvJQCJGG4MUXx8AKORY

Score
10/10
rhadamanthyspyinstallerstealer

Malware Config

Targets

    • Target

      Notion_release_x86_64.exe

    • Size

      17.2MB

    • MD5

      96beed43d005e1eb5110c2143fc7bb71

    • SHA1

      38fadf64fe8a3016e8f5675344fc8298c297c94a

    • SHA256

      b07634440fda0cc1b4cb4a3b6d7c56cb8125df750b4aced5bac1afdf28cf2591

    • SHA512

      2c7af001fd875aaebfd7ad4fd032ea876e7d69bca39c513e73a3c9899c8a65dce4dd6b522e50ed9610675eabe21324003a4dca428b06895af2c8c22f1038f4ad

    • SSDEEP

      196608:rkpXNzfl0sKYu/PaQtsI9iL4FMIZETSkjPePdrQJM93BMJg6x9iGvPoMut/X6e0x:efLQtsTQETSkvJQCJGG4MUXx8AKORY

    Score
    10/10
    rhadamanthysstealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks