General

  • Target: CCleaner_Pro.zip
  • Size: 31.2MB
  • Sample: 241003-sddqzsvcme
  • MD5: d9e89548a203c6cea819e6d654c13c9f
  • SHA1: 623ff72abf56b71f79b6978846c4605e4f064910
  • SHA256: 91d2a52f3ccc94057ef09bff7a5591271aef63f04029c48b7a28cd7240e601b6
  • SHA512: 7fb3974dece415b68f49f10a65e2d5f270e883509cd5119bf5679086adb3991262228f7fe50325014556a096328de56caaa3d21da47cf686e4a7b6acd2f9d3e1
  • SSDEEP: 786432:8EUrpJpScjZUDNA9rtQy8RW6E4AYTIHjLwO9loKc95:8EUrrp7jZwNgiFBEBYmPwO9lodP

Targets

    • Target: Launcher.exe
    • Size: 364KB
    • MD5: 93fde4e38a84c83af842f73b176ab8dc
    • SHA1: e8c55cc160a0a94e404f544b22e38511b9d71da8
    • SHA256: fb07af2aead3bdf360f555fc872191e43c2f0acbfc9258435f9a30afe272ba03
    • SHA512: 48720aebe2158b8a58fc3431c2e6f68271fbade51303ad9cb5b0493efaec6053ff0c19a898841ef7c57a3c4d042ac8e7157fb3dc79593c1dfcdcf88e1469fdec
    • SSDEEP: 6144:MpS9kEFKbITUvR8cy8dzQ7Lcf3Si96sfO+2RZrTql9unNrkYqliwrqH1JWP6f:Mp8KLBzQ7Lcf3SiQs2FTTql9unNrkvT2

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

    • Adds Run key to start application

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15