rhadamanthys | f9ecdc4cd55f91273fef14b24c82da1b23abdcf63914ffa42749f9c3b9389453 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

f9ecdc4cd55f91273fef14b24c82da1b23abdcf63914ffa42749f9c3b9389453
Size

5.6MB
Sample

240429-endl3shh7v
MD5

93a9e3c51d74beb9591c51a28d634048
SHA1

cab58975cadcd89d14e98ec0e5cf3a950d7ea479
SHA256

f9ecdc4cd55f91273fef14b24c82da1b23abdcf63914ffa42749f9c3b9389453
SHA512

6913fdcf261027cd8aae4a4f5a7c74c10cf570f364550fddc6f4369fa8e8702bef30d22130984fa592788e6e0afc96150f9f588d64811ed88da56a4c7f711b25
SSDEEP

98304:gAoK6oWRH2P1Y/abpyrjavXi/lQqBLm/Bn85w7dZBzr:KK6lx2Y/abYrsXXq1mJntdZBzr

Score

10^/10

rhadamanthys zgrat rat stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f9ecdc4cd55f91273fef14b24c82da1b23abdcf63914ffa42749f9c3b9389453.exe

Resource

win7-20240419-en

rhadamanthys zgrat rat stealer

windows7-x64

8 signatures

300 seconds

Behavioral task

behavioral2

Sample

f9ecdc4cd55f91273fef14b24c82da1b23abdcf63914ffa42749f9c3b9389453.exe

Resource

win10-20240404-en

rhadamanthys zgrat rat stealer

windows10-1703-x64

10 signatures

300 seconds

Malware Config

Targets

- Target
  
  f9ecdc4cd55f91273fef14b24c82da1b23abdcf63914ffa42749f9c3b9389453
- Size
  
  5.6MB
- MD5
  
  93a9e3c51d74beb9591c51a28d634048
- SHA1
  
  cab58975cadcd89d14e98ec0e5cf3a950d7ea479
- SHA256
  
  f9ecdc4cd55f91273fef14b24c82da1b23abdcf63914ffa42749f9c3b9389453
- SHA512
  
  6913fdcf261027cd8aae4a4f5a7c74c10cf570f364550fddc6f4369fa8e8702bef30d22130984fa592788e6e0afc96150f9f588d64811ed88da56a4c7f711b25
- SSDEEP
  
  98304:gAoK6oWRH2P1Y/abpyrjavXi/lQqBLm/Bn85w7dZBzr:KK6lx2Y/abYrsXXq1mJntdZBzr
Score

10^/10

rhadamanthys zgrat rat stealer
- Detect ZGRat V1
- Detects DLL dropped by Raspberry Robin.
  Raspberry Robin.
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

rhadamanthyszgratratstealer

behavioral2

rhadamanthyszgratratstealer

© 2018-2024

Terms | Privacy