Overview

overview

10

Static

static

1

launcher.zip

windows7-x64

1

launcher.zip

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    launcher.zip

  • Size

    13.4MB

  • Sample

    241012-c8b8msshmq

  • MD5

    0d09102590621fdc32d7bdbd302a9e3f

  • SHA1

    4cf577548b6575ff84aeca8a0e9e9a6ced76f4ec

  • SHA256

    12053a39feabd429dedc85c58cf8e8bf7b58136683ec043d85a318094116f92e

  • SHA512

    0da119520a3138c780d524309eb856413240f2a27bb424c50cebf1db0da5995a1051f70aac04efd5f4555566180e2acee4e25c40c7e812f5a409186b5fcdf8da

  • SSDEEP

    393216:S+d6IiKvpP7FcCzeGno8/8Ms9jdwWJ4ThPVfA:nIIiMuY1no8kaAaPVY

Score
10/10
rhadamanthysdiscoveryexecutionstealer

Malware Config

Targets

    • Target

      launcher.zip

    • Size

      13.4MB

    • MD5

      0d09102590621fdc32d7bdbd302a9e3f

    • SHA1

      4cf577548b6575ff84aeca8a0e9e9a6ced76f4ec

    • SHA256

      12053a39feabd429dedc85c58cf8e8bf7b58136683ec043d85a318094116f92e

    • SHA512

      0da119520a3138c780d524309eb856413240f2a27bb424c50cebf1db0da5995a1051f70aac04efd5f4555566180e2acee4e25c40c7e812f5a409186b5fcdf8da

    • SSDEEP

      393216:S+d6IiKvpP7FcCzeGno8/8Ms9jdwWJ4ThPVfA:nIIiMuY1no8kaAaPVY

    Score
    10/10
    rhadamanthysdiscoveryexecutionstealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks