Overview

overview

10

Static

static

3

d612857793...72.exe

windows7-x64

10

d612857793...72.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d61285779379c5e28500c6aa42431db345f36e1297246974cf5bd113913fd772

  • Size

    10.0MB

  • Sample

    240825-ct965atgkr

  • MD5

    04bb2ad01b3eadfef8c562ec75f30912

  • SHA1

    12a8014a9492660ca49d6ce463df2e49360b02ba

  • SHA256

    d61285779379c5e28500c6aa42431db345f36e1297246974cf5bd113913fd772

  • SHA512

    97818da55414b5cbe749cc2f6b93096d5c8e97e246ce2d1893143a6ef2827929e91b574fe1576cec41f59405c56c485929c9803c0b72950023eb071930fa5f06

  • SSDEEP

    49152:Ek6ufMjhnCBj5I+IOTAwj6E9vOzf6Y7Xrl8:EkRfMN+Jibl8

Score
10/10
rhadamanthysdiscoverypersistencestealer

Malware Config

Targets

    • Target

      d61285779379c5e28500c6aa42431db345f36e1297246974cf5bd113913fd772

    • Size

      10.0MB

    • MD5

      04bb2ad01b3eadfef8c562ec75f30912

    • SHA1

      12a8014a9492660ca49d6ce463df2e49360b02ba

    • SHA256

      d61285779379c5e28500c6aa42431db345f36e1297246974cf5bd113913fd772

    • SHA512

      97818da55414b5cbe749cc2f6b93096d5c8e97e246ce2d1893143a6ef2827929e91b574fe1576cec41f59405c56c485929c9803c0b72950023eb071930fa5f06

    • SSDEEP

      49152:Ek6ufMjhnCBj5I+IOTAwj6E9vOzf6Y7Xrl8:EkRfMN+Jibl8

    Score
    10/10
    rhadamanthysdiscoverypersistencestealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks