General

  • Target

    App_Installer.exe

  • Size

    68.1MB

  • Sample

    241004-pfdl8axera

  • MD5

    9ce5da2670c3f3105dccfd2a7a8b8ea8

  • SHA1

    7ea79e80b932fb1d5bb90f8aa2177891fffd11e9

  • SHA256

    4bdbf8c72c59d5d804c4f3e128f1326a00c7df5822d341988737f5b74ccfefa2

  • SHA512

    42d6ad0ca02e37629983b1b8da8caa8f4c5e4c930c67148901001f5888bcd9e198b6dd1ef6682e12f640ca286378fce67707f3bbcb4c019b6edb4ff1f284cd4a

  • SSDEEP

    786432:Ysh10dBsh10dZsh10dCsh10dgsh10dTsh10dPsh10d8sh10d+sh10dFsh10dtshp:dkEksk9k/kGkakPkdkgkwkZk/k1k+k

Malware Config

Extracted

Family

rhadamanthys

C2

https://185.184.26.10:4928/e4eb12414c95175ccfd/Other_5

Targets

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15