General

  • Target: Loader.zip
  • Size: 645KB
  • Sample: 241003-rwfgvszflj
  • MD5: 59a613be48dc9bff709915f0e2e83d8c
  • SHA1: fa6dd2151984dbbdf24e68524f69de3ef8f8d678
  • SHA256: 6ca6af9221c1ba8473fa0bbf9fc6813c9718e28b69843883188eb4aaddfc7ea6
  • SHA512: 52b728feb629ce630f13371a56c5e5a663800d851f7d21fc0d87a41d1ac0db8fdb7843d9dc7383c859218c062a4da6e12253b81eeead51c14c1f58f3ffe2cd1c
  • SSDEEP: 12288:zSheTvkWhNUBJkf6gH71MGyl9RkVzAEQv3YjyrLQQiSAiBLU34OIFpFHSx0vw:zYGvkWhGYigbyFl9qqv3YGrLQQiX4XFk

Malware Config

Extracted

  • Family: rhadamanthys
  • C2: https://135.181.4.162:2423/97e9fc994198e76/9dq0b1sl.pbl6a

Targets

    • Target: Loader.exe
    • Size: 809KB
    • MD5: 1fa6f63dc052d94c27d91e79d36b69ac
    • SHA1: 31fc9f11f50deadeecfbec0471b191d573cfdc6a
    • SHA256: a4b163b2ee1fe3ff2a3e673595942adac19fc76ddd18e823ef09c1c729796c53
    • SHA512: 44cca2e817a2b1895735003aa2f7c8e7559fe6cc3cff6006353d423814044dedf62f5d5da398ff6f5d12bfb6c4a7c4172ea1b86681b3bca9d480763e038a346d
    • SSDEEP: 12288:jedDsSDCFcmYF5uB9rbN7lDZJLU/IKiIWZs:Ax6cmYF5OV75Lk5iV

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
