General

  • Target: Setup_Installer_x32_x64_bit.zip
  • Size: 61.3MB
  • Sample: 241003-rysj7szglp
  • MD5: 7fd51f652ace2ac6037423e9b9dd7acf
  • SHA1: e77bddb51d556d260464c409bb27716290299bdf
  • SHA256: b47e08ce6d53f43190ac0916d21600657f6543115ca4fc41691341125cd80d45
  • SHA512: ff6e73ba35204d5f6c2537e82fd0d3b79e73f870b0b1f0c3f8f5682fc1fb61bfa5e5928b37cb9ddf9775c6fbde1df5d50ff75c90d036108c20161e617ff5b58d
  • SSDEEP: 1572864:nl8dzqaSM1M+sB7Rer0RHWlYoONMTI0RHWlYoONMTlp0RHWlYoONMTP:wzqaScDoteA9WCN059WCN0lu9WCN0P

Malware Config

Extracted

  • Family: rhadamanthys
  • C2: https://135.181.4.162:2423/97e9fc994198e76/9dq0b1sl.pbl6a

Targets

    • Target: Loader/Loader.exe
    • Size: 809KB
    • MD5: 1fa6f63dc052d94c27d91e79d36b69ac
    • SHA1: 31fc9f11f50deadeecfbec0471b191d573cfdc6a
    • SHA256: a4b163b2ee1fe3ff2a3e673595942adac19fc76ddd18e823ef09c1c729796c53
    • SHA512: 44cca2e817a2b1895735003aa2f7c8e7559fe6cc3cff6006353d423814044dedf62f5d5da398ff6f5d12bfb6c4a7c4172ea1b86681b3bca9d480763e038a346d
    • SSDEEP: 12288:jedDsSDCFcmYF5uB9rbN7lDZJLU/IKiIWZs:Ax6cmYF5OV75Lk5iV

    • Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks