Overview

overview

10

Static

static

3

msimg32.dll

windows7-x64

10

msimg32.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    msimg32.7z

  • Size

    26.5MB

  • Sample

    250126-phs5pasmen

  • MD5

    2deb626968d3f0a88ddf5eeecb8931ae

  • SHA1

    b122fde857869f4160a1c4c27ec71c03e5faec7c

  • SHA256

    850446aaa547dd4d286aeac1f1161b1aba09315f793c6ba2de3f00876a83bb29

  • SHA512

    4e536288d3ddb2ba364163bc860fd7234e623d513d2f25aeedc493385dfd3645f7a9a76a55deb64e5285bbb05c65bfaf9b5fb9c8092b17c3a5fad217421e1ef7

  • SSDEEP

    786432:LOo7jgeeFqdZLgNTV3cOHE6iTxmIWkS2d9CcYumRURGy:y2gfiw5vYEh9umzy

Score
10/10
rhadamanthysdiscoverystealer

Malware Config

Targets

    • Target

      msimg32.dll

    • Size

      78.7MB

    • MD5

      d83a4f163a9a76a81dabcb7123df01d5

    • SHA1

      765d934964ce4d11bf37d662083d497f4fd685fe

    • SHA256

      d4e07d9cc1eaa08e84d2679f89829a4e8dec000b6ad1c793c3500df77f746b69

    • SHA512

      758a2fadbf033c54584ab7affd2a7291ec86a43da1b0b0c0d85a10df595643799e9c8796c3abb0e2262212ab5051f1ae8894b8fd0039710e8bce4d1da749b85c

    • SSDEEP

      1572864:gIP31m/9JRLQwY9FhWYeWmetINN6Hy/S5PQtOACiK1IHAdoI:TNoRLQwY9F+NrkFYup

    Score
    10/10
    rhadamanthysdiscoverystealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks