Overview

overview

10

Static

static

3

lestvpn.exe

windows7-x64

10

lestvpn.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    lestvpn.exe.v

  • Size

    14.5MB

  • Sample

    240910-q9rllsyale

  • MD5

    acdaf35aa2e0134025ace04b6ca485f6

  • SHA1

    724abebf2991d5abe605d011d29c3d2a7df7ee87

  • SHA256

    9b09c0bda213a1807cc1a904dce72f68089c0ae7c4b2df7ccee30ef505cf03b1

  • SHA512

    c7aea84e645017ea118f073d59863ed55df2e1f9c0e9340683aa2883f118b666e097b362330bd2a6beb898e7c89e127fcebb91296271b1a038b4b4677ce029c9

  • SSDEEP

    393216:twbtBNVjdb3M6hsxujJXTZC5ztrctDlbylnfmUV:t0tZjeEssj5TEtA/byln3

Score
10/10
rhadamanthysdiscoveryexecutionstealer

Malware Config

Targets

    • Target

      lestvpn.exe.v

    • Size

      14.5MB

    • MD5

      acdaf35aa2e0134025ace04b6ca485f6

    • SHA1

      724abebf2991d5abe605d011d29c3d2a7df7ee87

    • SHA256

      9b09c0bda213a1807cc1a904dce72f68089c0ae7c4b2df7ccee30ef505cf03b1

    • SHA512

      c7aea84e645017ea118f073d59863ed55df2e1f9c0e9340683aa2883f118b666e097b362330bd2a6beb898e7c89e127fcebb91296271b1a038b4b4677ce029c9

    • SSDEEP

      393216:twbtBNVjdb3M6hsxujJXTZC5ztrctDlbylnfmUV:t0tZjeEssj5TEtA/byln3

    Score
    10/10
    rhadamanthysdiscoveryexecutionstealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks