Overview

overview

10

Static

static

3

launcher.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    launcher.exe

  • Size

    35.9MB

  • Sample

    240926-tfh9xsyepa

  • MD5

    d4eca6136281d617dcfac5bae3349e70

  • SHA1

    c6941cd9df4f7db4bdf6bd163869016a2520d644

  • SHA256

    0777bba437bc66725d3e00f17810a1dee973fef63808d3d14aa046503a5589a6

  • SHA512

    a17b7bc6985304008649b8b6a009f675b3570e14a39e0073ea6cd00dca5ffecc0acedcc67f9c250e35b09d3c941540e74b338795f1cff12172c137d525afeb8a

  • SSDEEP

    393216:i1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfF:iMguj8Q4Vfv1qFTrYuz

Score
10/10
rhadamanthysdiscoveryexecutionstealer

Malware Config

Targets

    • Target

      launcher.exe

    • Size

      35.9MB

    • MD5

      d4eca6136281d617dcfac5bae3349e70

    • SHA1

      c6941cd9df4f7db4bdf6bd163869016a2520d644

    • SHA256

      0777bba437bc66725d3e00f17810a1dee973fef63808d3d14aa046503a5589a6

    • SHA512

      a17b7bc6985304008649b8b6a009f675b3570e14a39e0073ea6cd00dca5ffecc0acedcc67f9c250e35b09d3c941540e74b338795f1cff12172c137d525afeb8a

    • SSDEEP

      393216:i1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfF:iMguj8Q4Vfv1qFTrYuz

    Score
    10/10
    rhadamanthysdiscoveryexecutionstealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks