General

  • Target

    nedfe.rar

  • Size

    2.2MB

  • Sample

    250129-w2ejzavkbk

  • MD5

    accc94d0684fbb9e043d2863696b5ae0

  • SHA1

    03a71e4036d8950907fd405381d5bcfea0c2c684

  • SHA256

    e18b6d133656117a09751990c173b1a19136568d455b5b0c10b5e3e91151915b

  • SHA512

    6c933dda5bdcd3ac0ba098198062b3f4a3d599a3104dc98a4bd66358a515c9d98cd79627d083aaf18c203b1b1708fd38ad11205fa7b2597a11f36e03029c4b2a

  • SSDEEP

    49152:uR7m07hzxQzTzgzLIgEEXKRGyLYvrv5xofaG/ZH1DejeD8mJ3mXQJmBo0:o0ALIgExRGzrv5WZVDejq2A6

Malware Config

Extracted

  • Family

    rhadamanthys

  • C2

    https://195.3.223.126:4287/9d0dc091285eb9fbf2e/o8f3c8oj.8rdif

Targets

    • Target

      nedfe.rar

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Rhadamanthys family

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

MITRE ATT&CK Enterprise v15

Tasks