Overview

overview

10

Static

static

10

vincent_rhad.exe

windows10-2004-x64

10

Resubmissions

27-11-2024 10:04

241127-l4fjyawjcj 10

31-08-2023 11:48

230831-nypxjaeh73 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vincent_rhad.exe

  • Size

    456KB

  • Sample

    241127-l4fjyawjcj

  • MD5

    014b6d7fd900989ef6cbac0aaddf7026

  • SHA1

    f3bfdcd146a1c56da652dc1d3317c00b81b8e053

  • SHA256

    14ba649ece39c9ccd1c0aea0e1be52543860cd4046bd200bb9fe6c97e51a1319

  • SHA512

    11e98446af77f2fd6904d8c53adcd721777b824fdf6686c943acefea172e721b70f3c806d6ffa6f9f88d91cfbbfe76b06b3e98a17dd0ad30c17a0110c6c52024

  • SSDEEP

    6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+8:2uWP/BZUyoLu8Agsmxwrvejkd2

Score
10/10
rhadamanthysdiscoverystealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://136.243.177.54:8010/04ec72a1e29a5/w1n8650b.2hmlq

Targets

    • Target

      vincent_rhad.exe

    • Size

      456KB

    • MD5

      014b6d7fd900989ef6cbac0aaddf7026

    • SHA1

      f3bfdcd146a1c56da652dc1d3317c00b81b8e053

    • SHA256

      14ba649ece39c9ccd1c0aea0e1be52543860cd4046bd200bb9fe6c97e51a1319

    • SHA512

      11e98446af77f2fd6904d8c53adcd721777b824fdf6686c943acefea172e721b70f3c806d6ffa6f9f88d91cfbbfe76b06b3e98a17dd0ad30c17a0110c6c52024

    • SSDEEP

      6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+8:2uWP/BZUyoLu8Agsmxwrvejkd2

    Score
    10/10
    rhadamanthysdiscoverystealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks