Overview

overview

10

Static

static

3

543b69f962...0N.dll

windows7-x64

6

543b69f962...0N.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    543b69f96203ebf17cbb6fb6b4b424f0N.exe

  • Size

    1.9MB

  • Sample

    240807-dk6ysazanp

  • MD5

    543b69f96203ebf17cbb6fb6b4b424f0

  • SHA1

    609629f1c48a3f0c0d2635c45a8714c08fbdc76f

  • SHA256

    258ffcc13dbe110bcce21b91f7f075995719791fdd3c9f55ea5934984fa4373d

  • SHA512

    aa394ee33a7fa4a428e2b61b3e7825d3ef3d1087465e096259de5bfa90b57cdeeff21f2b075cd164193311404964f2788c0b09e4cd3c9243ce27348bf49f9d13

  • SSDEEP

    24576:jduagYXnrNOEMudreb7LVkhdyJYKkbg6psPyWwxnMqfbc5MU47iA8koWOmydA7iA:jngjA+rMVL7rZLOkALP7fi6HC+nIzD

Score
10/10
rhadamanthysdiscoverypersistencestealer

Malware Config

Targets

    • Target

      543b69f96203ebf17cbb6fb6b4b424f0N.exe

    • Size

      1.9MB

    • MD5

      543b69f96203ebf17cbb6fb6b4b424f0

    • SHA1

      609629f1c48a3f0c0d2635c45a8714c08fbdc76f

    • SHA256

      258ffcc13dbe110bcce21b91f7f075995719791fdd3c9f55ea5934984fa4373d

    • SHA512

      aa394ee33a7fa4a428e2b61b3e7825d3ef3d1087465e096259de5bfa90b57cdeeff21f2b075cd164193311404964f2788c0b09e4cd3c9243ce27348bf49f9d13

    • SSDEEP

      24576:jduagYXnrNOEMudreb7LVkhdyJYKkbg6psPyWwxnMqfbc5MU47iA8koWOmydA7iA:jngjA+rMVL7rZLOkALP7fi6HC+nIzD

    Score
    10/10
    discoverypersistencerhadamanthysstealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks