Resubmissions (submission time, analysis ID, score)

16/07/2024, 04:58  240716-flvy1swbnm  3
16/07/2024, 04:56  240716-fkva4aydrh  4
16/07/2024, 04:52  240716-fhwq5sydkg  4
16/07/2024, 04:49  240716-ffsayavhnq  10
16/07/2024, 04:46  240716-fd2rlaybpg  10

General

  • Target: Patrick.pdf
  • Size: 36KB
  • Sample: 240716-ffsayavhnq
  • MD5: 8cda87bb4d6f53572254f7be23544b5c
  • SHA1: 29e3ac8d5890f2bacdabdd26a7fe1c79307df3a7
  • SHA256: 59922610678132915fd74ecc4c3f2117987135537bca02b830b08f27c3ac96d4
  • SHA512: d91f13669edadaed762c329f296c8771e6c847f57507144c92092a8043e68f013f4101fe2697545b1c7e77d5336f7771cdc0aec155240e1ae124d44cf8b319da
  • SSDEEP: 768:V+EL9njhyr5AD4UPbBbFUjDNZSlDc6edap9otZNZo6a2X:V+i9jha52H0vNZSlDc6ofNOqX

Malware Config

Targets

    • Target: Patrick.pdf (36KB; hashes identical to those listed under General)

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      NtCreateUserProcess was called with a parent-process attribute naming a process other than the caller (parent PID spoofing), so the new process appears under an unrelated parent in the process tree.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that later dropped files are not scanned.

    • Downloads MZ/PE file

      A Windows executable (MZ/PE header) was retrieved over the network during the run.

    • Executes dropped EXE

      A file written to disk during the run was subsequently executed.

    • Loads dropped DLL

      A file written to disk during the run was subsequently loaded as a DLL.
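The PowerShell and download signatures above are the ones a responder most wants to reproduce outside the sandbox. The Python below is an added example, not part of this report and not the sandbox's own signature logic: it scans PowerShell script-block text (the kind Windows logs as Event ID 4104) for Add-MpPreference/Set-MpPreference exclusion tampering, decoding any -EncodedCommand argument first so that base64-hidden tampering is still caught, and it checks whether a downloaded blob actually carries an MZ/PE header by following e_lfanew. The sample script blocks and byte strings are constructed here for illustration; none of them are bytes or commands from this sample.

```python
import base64
import binascii
import re
import struct

# --- Constructed sample input (not from the report) --------------------------
# PowerShell script-block text as it would appear in Event ID 4104. The last
# entry hides the Defender tampering behind -EncodedCommand (base64 of UTF-16LE).
_HIDDEN = "Add-MpPreference -ExclusionProcess 'svchost.exe'"
SAMPLE_SCRIPT_BLOCKS = [
    "Get-Process | Where-Object { $_.CPU -gt 100 }",
    "Add-MpPreference -ExclusionPath 'C:\\Users\\Public' -ExclusionExtension 'exe'",
    "Set-MpPreference -DisableRealtimeMonitoring $true",
    "powershell.exe -NoP -W Hidden -EncodedCommand "
    + base64.b64encode(_HIDDEN.encode("utf-16le")).decode("ascii"),
]

MPPREF_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
EXCLUSION_RE = re.compile(r"-Exclusion(Path|Extension|Process|IpAddress)\b", re.IGNORECASE)
DISABLE_RE = re.compile(r"Set-MpPreference\b[^\n]*?-Disable[A-Za-z]+\s+(?:\$true|1)", re.IGNORECASE)
# -EncodedCommand plus the abbreviations PowerShell accepts (-e, -ec, -enc, ...).
ENCODED_RE = re.compile(r"-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def expand_encoded(script_text):
    """Return script_text followed by the decoded body of any -EncodedCommand argument."""
    parts = [script_text]
    for m in ENCODED_RE.finditer(script_text):
        try:
            raw = base64.b64decode(m.group(1), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64; leave the original text to be matched as-is
        parts.append(raw.decode("utf-16le", errors="replace"))
    return "\n".join(parts)


def classify_script_block(script_text):
    """Return finding labels for one script-block entry (empty list if nothing matched)."""
    text = expand_encoded(script_text)
    findings = []
    if MPPREF_RE.search(text):
        for m in EXCLUSION_RE.finditer(text):
            label = "defender_exclusion_" + m.group(1).lower()
            if label not in findings:
                findings.append(label)
        if DISABLE_RE.search(text):
            findings.append("defender_feature_disabled")
    # Flag the encoding only when it concealed something we care about.
    if findings and ENCODED_RE.search(script_text):
        findings.append("encoded_command")
    return findings


# --- MZ/PE check for a downloaded blob ----------------------------------------
def looks_like_pe(data):
    """True if data starts with a DOS 'MZ' stub whose e_lfanew points at the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):  # forged or truncated header: not a usable PE
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


# Constructed byte strings (not the sample's bytes): a minimal MZ+PE skeleton,
# an MZ stub whose e_lfanew points past the end of the data, and a PDF header.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20
MZ_ONLY = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
PDF_BYTES = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"


if __name__ == "__main__":
    for block in SAMPLE_SCRIPT_BLOCKS:
        print(classify_script_block(block) or "clean", "<-", block[:60])
    for name, blob in (("FAKE_PE", FAKE_PE), ("MZ_ONLY", MZ_ONLY), ("PDF_BYTES", PDF_BYTES)):
        print(name, "looks_like_pe =", looks_like_pe(blob))
```

The decode step matters because attackers routinely pass the tampering as `-enc <base64>`; a detector that only greps the raw command line misses it. On a real host the same exclusion changes also surface in the Windows Defender operational log as Event ID 5007 (configuration change), which is a useful corroborating source when script-block logging is not enabled.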

MITRE ATT&CK Enterprise v15

Tasks