General

  • Target

    8b738c9057baa2c3219120919226e95659cccec0dc61aca579bba58c7090719e

  • Size

    1.7MB

  • Sample

    240820-bzszcsxbre

  • MD5

    702ab38086350094b28c8df1b670f84f

  • SHA1

    3a6ff038d4e70d9f5e4a48f617612f9fc330bc03

  • SHA256

    8b738c9057baa2c3219120919226e95659cccec0dc61aca579bba58c7090719e

  • SHA512

    bf849222a88b78b70918b1925afc507eb407abbdb7ce96e7c9ad94eb98093eccc36d3bc172e794eed24cb4138f114f037fc06b1aa18b2263316e1e195d1d74f3

  • SSDEEP

    24576:GzZh1gHxneFb0gvX0zJc2ewTYuXm9jJp7Bv97S2Rck/J2q0NpBCMX/B:GF6ezktFbYuQFv9fBsiMX/B

Malware Config

Targets

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15
