rhadamanthys | e4cd575a0afa2a039622b62aabd9aa024851ac716d3d64edf59a2d639632bcb6 | Triage

Submit
Reports

Overview

overview

Static

static

5

sougou_output.exe

windows7-x64

sougou_output.exe

windows10-2004-x64

Resubmissions

08-10-2024 07:24

241008-h8prmayfnh 10

08-10-2024 07:10

241008-hzqmkayble 10

Sharing

General

Target

输入法（解压密码：sogou）.zip
Size

155.6MB
Sample

241008-h8prmayfnh
MD5

382a1252ea33ef78ab974669107bcdbf
SHA1

08037aa68d04e4f2c0fab50d7c87dd827310b406
SHA256

e4cd575a0afa2a039622b62aabd9aa024851ac716d3d64edf59a2d639632bcb6
SHA512

6d9c5d1cd1d528ce5c8108eed3a9dab831650a7c00f582b9c337f438c50f165df1a2df9aa2b77a50d29c4a0b14c2c58b5ca7c7468285a456316b607695059b1e
SSDEEP

3145728:B73yWE7TAIFHM+jmoil2axup/ZlSX5Z0JU7B6TF8EY1VAs+R0Lpb/d5ovqgduQ:pg3FHMXoil2ax+/OpKJUy8EMqh0Lpbop

Score

10^/10

rhadamanthys discovery stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

sougou_output.exe

Resource

win7-20240903-en

rhadamanthys discovery stealer upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

sougou_output.exe

Resource

win10v2004-20241007-en

rhadamanthys discovery stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  sougou_output.exe
- Size
  
  155.7MB
- MD5
  
  c9afcf7bddb28f4741a097f6a55e4cfd
- SHA1
  
  158448adeb3c2aa19b0c37005d373b3ab4e6b9a7
- SHA256
  
  321d2e668a4d45c8fb0005fc7be1df5f748567e8206c35d8a7a083f2ce80263f
- SHA512
  
  408dc7a2a066ab047b220902ebaff39efe41d23c7423b137a3213c4e0344d68ce9bc06b9bd70d5f023a5787d5dc99a8e03c2c66c92fd3d574e8d630b6cf3987b
- SSDEEP
  
  3145728:XA/kfnZZRUWXNShZNxlb3oeUFRGp/K3GgUCoQKAQ6h398AWXNOQ14BDndvdXU:znTLXwXNf4eUSJK39U8KAQ6hN8AW9H13
Score

10^/10

rhadamanthys discovery stealer upx
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealerupx

behavioral2

rhadamanthysdiscoverystealerupx

© 2018-2024

Terms | Privacy