General

  • Target: Install_x64.exe.vir

  • Size: 152.8MB

  • Sample: 240810-t7wz4asbre

  • MD5: 1209ebb1ad659fa7f30431d2727c5bf6

  • SHA1: 544703d81bd146ce669cda91e27aaea9c81f4cb4

  • SHA256: b3f00abb73cdec4a3328a078b5a5bfcfbd76a6c3c9a360c4e6c31714cfb804e2

  • SHA512: 6161cbf8e94d1a0f6e54f65a38560bbabb6b4e65acfe4af2926b0a12fee74d9f4df104dc312c2b367d5c4d5e19ea9aeec82193acfea45bb7184e0e63602914d7

  • SSDEEP: 786432:bt2OSWkMhfqpHCOdRIeoxOTx9ylnEk2Fd7yLie63pk3lLwmYEDw:btAWkMMi5w9qEn7S6S3zYN

Malware Config

Targets

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks