Overview

overview

10

Static

static

3

2024-08-07...il.exe

windows7-x64

10

2024-08-07...il.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-08-07_6eb0509c8c7caa0e85c02afcb954e370_avoslocker_revil

  • Size

    4.2MB

  • Sample

    240807-avs8wsvgrk

  • MD5

    6eb0509c8c7caa0e85c02afcb954e370

  • SHA1

    e13e787aac6abc8e9f5d126239ed5e012090827b

  • SHA256

    61b0a39405d071a95d7a8302b308cbf65ce4db0df029efea1af8a24ae9a94ca4

  • SHA512

    e55e50483f947b68b30e6d317c038a0dec4197fb96b5547aef5dd6f8679bf1486a6408479643b0e36d42effc8f58e4901135bc9070f523d421db0701e40bc53e

  • SSDEEP

    98304:MU65he7IdCb40s58A9QmAJPZoW3D12oRRYIa2KS+bnoGgH25leG9v/krAr1KwH:B65hQmed3REeGh/kUr1K8

Score
10/10
rhadamanthysdiscoverypersistencestealer

Malware Config

Targets

    • Target

      2024-08-07_6eb0509c8c7caa0e85c02afcb954e370_avoslocker_revil

    • Size

      4.2MB

    • MD5

      6eb0509c8c7caa0e85c02afcb954e370

    • SHA1

      e13e787aac6abc8e9f5d126239ed5e012090827b

    • SHA256

      61b0a39405d071a95d7a8302b308cbf65ce4db0df029efea1af8a24ae9a94ca4

    • SHA512

      e55e50483f947b68b30e6d317c038a0dec4197fb96b5547aef5dd6f8679bf1486a6408479643b0e36d42effc8f58e4901135bc9070f523d421db0701e40bc53e

    • SSDEEP

      98304:MU65he7IdCb40s58A9QmAJPZoW3D12oRRYIa2KS+bnoGgH25leG9v/krAr1KwH:B65hQmed3REeGh/kUr1K8

    Score
    10/10
    rhadamanthysdiscoverypersistencestealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks