General

  • Target

    c4455930a4ee15f3a7abecc4b0dc97911baf6b65b625849bc309fda3929432b4.msi

  • Size

    1.5MB

  • Sample

    240725-pxxresscpa

  • MD5

    1ab7db273d2431aed5d5bab9c1847246

  • SHA1

    95393b511fad6e7017f3a7c57014004a2ebca17d

  • SHA256

    c4455930a4ee15f3a7abecc4b0dc97911baf6b65b625849bc309fda3929432b4

  • SHA512

    50add971d394ccbc31b145466ebc8611b6e030d69de0bf2475175ceedf2426f1460ca6c0d0d8ff8d216c557e03fca2788b75c80e161fcf934649cc42f9946d08

  • SSDEEP

    24576:DKxfS0jEhnJ/mhGd6NFTzqh0lhSMXlTnD55U0zjjZqKtaTakjWCtFGuUK7XgW2:DiycFTznj95U0zjjZZtmzjRGuUK75

Targets

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15
