General

  • Target: RG_Catalyst3.zip
  • Size: 13.4MB
  • Sample: 240914-vb3cnsthjq
  • MD5: 338528fe707b6cd3c5b702066f38e41f
  • SHA1: e7e8484a06291e044d77a61d835b7a3c0e90fdc8
  • SHA256: 81babd3b171b54c1591b184dc234104e5ca1ede6ba598820649c12f6c8a0e9b3
  • SHA512: e6dceac964afa3d64891264bcca1d539986ee9e94bd0bb306fbbd4704f180ae92f3c80385300a519b1c7c2cdd91be7fa2452fb1f40f86690fa912e4d69162d65
  • SSDEEP: 393216:Rr/YiRrqCcF9cxdt9rhNhphVM3RD8arKc84q/CN:Rr/3mCcF96DLNhNM1Zu94qE

Targets

    • Target: RG_Catalyst3/Data/menu.dll
    • Size: 12KB
    • MD5: c9c78c96cd57e682cc633df02483bdef
    • SHA1: 5bcaf1dd505842e05e6b7f603c52d180b0e4f9cb
    • SHA256: 8e1254cd6d363eb52633d7591ed8fed6779067370c52784814acf09a5a485ade
    • SHA512: 936156cf8fcd0a2823621a20ac52a9f60672554bed43657c518eb1882b66b7f660d6c6de4b9d58aff3c07334c2a9ba214bad25c2d19c6d0db2e29821c945b148
    • SSDEEP: 3:dLQt:Jo
    • Score: 1/10

    • Target: RG_Catalyst3/SetLoader.exe
    • Size: 35.9MB
    • MD5: eb142f56ed73c4cce280fc3f3493429a
    • SHA1: e1ce2464864482703abded9cbed4aaabc638a113
    • SHA256: 054364f58a17ec336ad19906082bb054b565f38de455d89f51ed02e290c75a72
    • SHA512: 75c97a01fe3963939233214093c419fdc3fc561e35e8884ee221e4dced3bab1baa9c4ed2fec6a95517de794728df1eef0e533357b16b719480aa7692910779c2
    • SSDEEP: 393216:f1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfd:fMguj8Q4VfvPqFTrYC

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE
