Overview

overview

10

Static

static

3

751f149665...ec.dll

windows7-x64

6

751f149665...ec.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    751f149665f87dd20cc8dff743f28e5da1ff2a5f04874d4b8569b9afceeedfec

  • Size

    6.0MB

  • Sample

    240806-3bdcjstepp

  • MD5

    573baaf10e2cd69e7749e8d65c5adabf

  • SHA1

    2879aae0d563b38b564c0c8905788fcf8c3e4b70

  • SHA256

    751f149665f87dd20cc8dff743f28e5da1ff2a5f04874d4b8569b9afceeedfec

  • SHA512

    79c7f3fd34225d5c0eceb2278676272f731f72bd0e632a080073993ebbad1c813df3a4ea5e63490b7844159bd36ca2855b6aca1242a2091327bcc5e9aa414434

  • SSDEEP

    49152:JErEyCal8VnN+LwbEOCAQFhZ81wm+R9BlwxPJfkwDQby1uZLOkALP7fivHdHufrd:JElCQ8VN+TAghZbR9y6wKyskkk2HO

Score
10/10
rhadamanthysdiscoverypersistencestealer

Malware Config

Targets

    • Target

      751f149665f87dd20cc8dff743f28e5da1ff2a5f04874d4b8569b9afceeedfec

    • Size

      6.0MB

    • MD5

      573baaf10e2cd69e7749e8d65c5adabf

    • SHA1

      2879aae0d563b38b564c0c8905788fcf8c3e4b70

    • SHA256

      751f149665f87dd20cc8dff743f28e5da1ff2a5f04874d4b8569b9afceeedfec

    • SHA512

      79c7f3fd34225d5c0eceb2278676272f731f72bd0e632a080073993ebbad1c813df3a4ea5e63490b7844159bd36ca2855b6aca1242a2091327bcc5e9aa414434

    • SSDEEP

      49152:JErEyCal8VnN+LwbEOCAQFhZ81wm+R9BlwxPJfkwDQby1uZLOkALP7fivHdHufrd:JElCQ8VN+TAghZbR9y6wKyskkk2HO

    Score
    10/10
    discoverypersistencerhadamanthysstealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks