General

  • Target

    othweysuRD.exe

  • Size

    7.3MB

  • Sample

    240826-r34g9sygng

  • MD5

    8dbbd433591aac8ceb316ecdc4d662d5

  • SHA1

    dd346c587d909a503140a52f4056dece00b55795

  • SHA256

    a43d830738356a4df2dbd1dadbb5833d4d903e7e7263eff726f9c9ea85ca9154

  • SHA512

    d95a7e8de860a71ab0460bb02cdb56bcdeda91905365db8aa0b8fb0fd29343af0ae2055234c72907a0f8ced38c22fc5e5393d7b70d14e2e4d738abf7c91f9e0b

  • SSDEEP

    196608:ArKtyBNkW+8hBiIbZg4T4hac7p6eDcGRY9nJ/7Ox6W:Ar/BNdh1behacQeHwnJ/7ON

Malware Config

Extracted

Family

rhadamanthys

C2

https://147.124.222.184:7232/2ff7fa032802244/tnvi7gis.n72p2

Targets

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
