Overview

overview

10

Static

static

1

20240906e0...ys.exe

windows7-x64

10

20240906e0...ys.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20240906e069a1b373f66e021faef987be2c722eicedidrhadamanthys

  • Size

    1.7MB

  • Sample

    240906-zxg13sxglp

  • MD5

    e069a1b373f66e021faef987be2c722e

  • SHA1

    2ea59a8dfb60b51e2b786d71bbfcb6bb5f474744

  • SHA256

    235dc83b3a2b765e12e26960b6b90a2fbc7097d4bfb991118139d53fbfd12705

  • SHA512

    0ed23250b31fa506a520ac2e709f2db319b2c9d31c64f3bf5ec399a7d0345b7b30279962f3408c8f398ad89896e206d54520a9809f0569f43e4b86b941f8f4cc

  • SSDEEP

    49152:fdifhbdWza1F5YeEpoAXg7Cn5BJlT+Qr/FHwf0:f4pbMO1HYeEyAjB6gQf0

Score
10/10
rhadamanthysdiscoverypersistencestealer

Malware Config

Targets

    • Target

      20240906e069a1b373f66e021faef987be2c722eicedidrhadamanthys

    • Size

      1.7MB

    • MD5

      e069a1b373f66e021faef987be2c722e

    • SHA1

      2ea59a8dfb60b51e2b786d71bbfcb6bb5f474744

    • SHA256

      235dc83b3a2b765e12e26960b6b90a2fbc7097d4bfb991118139d53fbfd12705

    • SHA512

      0ed23250b31fa506a520ac2e709f2db319b2c9d31c64f3bf5ec399a7d0345b7b30279962f3408c8f398ad89896e206d54520a9809f0569f43e4b86b941f8f4cc

    • SSDEEP

      49152:fdifhbdWza1F5YeEpoAXg7Cn5BJlT+Qr/FHwf0:f4pbMO1HYeEyAjB6gQf0

    Score
    10/10
    rhadamanthysdiscoverypersistencestealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks