General

  • Target

    1ab7db273d2431aed5d5bab9c1847246.bin

  • Size

    862KB

  • Sample

    240727-by8y7ayckm

  • MD5

    bdf105dada5b9c164ab98055a4609298

  • SHA1

    51ab2795e640debc7c9929b80e7e0bb52a5e77c1

  • SHA256

    6989ca6e02b3c9ab512ccdf3d6ad7fa8584ed5224cf730d3abbba59dc82974bc

  • SHA512

    045a37edbd32ee407edb527c8b5dc795af6a4ffb313c92067c48b0d75e677b40ee6f3f0b9c5979b80e4847cd5eab8d7ebb4bf8ccd8d2acc8df7b6e364458f260

  • SSDEEP

    12288:gEgq3ExrlM9HdPKm8jY4sC/9ZovMhrmAgIHNWp7TyuE6/uaXdYG8De6WIQPgKitY:+q3YqN88S9Q4ZxtgduWYNWvPBc2so

Malware Config

Targets

    • Target

      c4455930a4ee15f3a7abecc4b0dc97911baf6b65b625849bc309fda3929432b4.msi

    • Size

      1.5MB

    • MD5

      1ab7db273d2431aed5d5bab9c1847246

    • SHA1

      95393b511fad6e7017f3a7c57014004a2ebca17d

    • SHA256

      c4455930a4ee15f3a7abecc4b0dc97911baf6b65b625849bc309fda3929432b4

    • SHA512

      50add971d394ccbc31b145466ebc8611b6e030d69de0bf2475175ceedf2426f1460ca6c0d0d8ff8d216c557e03fca2788b75c80e161fcf934649cc42f9946d08

    • SSDEEP

      24576:DKxfS0jEhnJ/mhGd6NFTzqh0lhSMXlTnD55U0zjjZqKtaTakjWCtFGuUK7XgW2:DiycFTznj95U0zjjZZtmzjRGuUK75

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

    • Event Triggered Execution (T1546): 1
      Installer Packages (T1546.016): 1

Privilege Escalation

    • Event Triggered Execution (T1546): 1
      Installer Packages (T1546.016): 1

Defense Evasion

    • System Binary Proxy Execution (T1218): 1
      Msiexec (T1218.007): 1

Discovery

    • Query Registry (T1012): 2
    • Peripheral Device Discovery (T1120): 2
    • System Information Discovery (T1082): 2
    • System Location Discovery (T1614): 1
      System Language Discovery (T1614.001): 1
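The matrix above attributes the .msi sample to Msiexec proxy execution (T1218.007) and Installer Packages (T1546.016). The script below is an added detection example, not code from the sandbox, the report, or the Rhadamanthys sample: it runs three heuristics over constructed Sysmon-style process-creation events (the events, paths, rule names and flag lists are illustrative assumptions, not observations from this sample). It flags msiexec launched quietly against a package in a user-writable directory, msiexec spawning a shell or LOLBin, and msiexec spawning an extracted custom-action binary from a temp path.

```python
"""Heuristic detections for Msiexec proxy execution (T1218.007) and MSI
custom actions (T1546.016) over Sysmon-style process-creation events.

Added example: the events, paths and rule names below are constructed
assumptions for illustration, not observations from the report's sample.
"""
import ntpath
import re
import shlex
from typing import Optional

MSIEXEC = "msiexec.exe"

# msiexec quiet/passive switches that suppress any installer UI.
QUIET_FLAGS = re.compile(r"(?i)(?:^|\s)/(?:qn|qb|q|quiet|passive)\b")

# Locations an unprivileged user can write to; a package launched from
# here deserves more scrutiny than one staged under C:\Windows\Installer.
USER_WRITABLE = re.compile(
    r"(?i)^[a-z]:\\(?:users\\[^\\]+\\(?:downloads|desktop|appdata)"
    r"|users\\public|programdata|windows\\temp|temp)\\"
)

# Interpreters and LOLBins that a legitimate installer rarely spawns.
SHELLS = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "rundll32.exe", "regsvr32.exe",
    "mshta.exe", "wscript.exe", "cscript.exe", "certutil.exe",
}


def msi_package(cmdline: str) -> Optional[str]:
    """Return the .msi path from an msiexec command line, quotes stripped."""
    # posix=False keeps Windows backslashes literal and quoted paths intact.
    for tok in shlex.split(cmdline, posix=False):
        tok = tok.strip('"')
        if tok.lower().endswith(".msi"):
            return tok
    return None


def analyze(events: list) -> list:
    """Return one finding per event that trips a rule, in event order."""
    findings = []
    for ev in events:
        image = ntpath.basename(ev["image"]).lower()
        parent = ntpath.basename(ev["parent_image"]).lower()
        if image == MSIEXEC:
            pkg = msi_package(ev["cmdline"])
            quiet = QUIET_FLAGS.search(ev["cmdline"]) is not None
            if pkg and quiet and USER_WRITABLE.match(pkg):
                findings.append({"pid": ev["pid"], "technique": "T1218.007",
                                 "rule": "msiexec_quiet_user_writable",
                                 "detail": pkg})
        elif parent == MSIEXEC:
            if image in SHELLS:
                findings.append({"pid": ev["pid"], "technique": "T1218.007",
                                 "rule": "msiexec_spawns_shell",
                                 "detail": ev["cmdline"]})
            elif USER_WRITABLE.match(ev["image"]):
                # EXE custom actions from the package's Binary table are
                # written to %TEMP%\MSIxxxx.tmp and spawned by msiexec:
                # the execution path behind T1546.016.
                findings.append({"pid": ev["pid"], "technique": "T1546.016",
                                 "rule": "msiexec_custom_action_binary",
                                 "detail": ev["image"]})
    return findings


# Constructed sample events (fabricated for this example).
SAMPLE_EVENTS = [
    {"pid": 4312, "ppid": 3100, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r'msiexec.exe /i "C:\Users\alice\Downloads\invoice.msi" /qn'},
    {"pid": 4390, "ppid": 4312, "parent_image": r"C:\Windows\System32\msiexec.exe",
     "image": r"C:\Users\alice\AppData\Local\Temp\MSI7F2.tmp",
     "cmdline": r"C:\Users\alice\AppData\Local\Temp\MSI7F2.tmp"},
    {"pid": 4500, "ppid": 4312, "parent_image": r"C:\Windows\System32\msiexec.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c start "" "%TEMP%\svc.exe"'},
    {"pid": 5000, "ppid": 900, "parent_image": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec.exe /i C:\Windows\Installer\1a2b3c.msi /qn"},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f["technique"], f["rule"], f["pid"], f["detail"])
```

The fourth constructed event (a quiet install of a package under C:\Windows\Installer, parented by services.exe) produces no finding, which is the point of the user-writable check: msiexec itself is signed and ubiquitous, so the signal is where the package came from and what msiexec does next, not that msiexec ran.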

Tasks