Overview

overview

10

Static

static

10

de_rh.exe

windows7-x64

10

de_rh.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    de_rh.zip

  • Size

    258KB

  • Sample

    250131-k12gkatlfk

  • MD5

    c2a681219e09a5082e821a0611cb4343

  • SHA1

    8b3bbd07abcdc3fbd7782db272a955dec6f428be

  • SHA256

    8d7a7ebfcb951b0b7d65b2527e387495a3b65dabe61bcbb08243c40bc29c69d6

  • SHA512

    d72fedcd40ea9604353e992dbb4e6036c520e03c4b08e36ae912a587e0722fa0e4e6f4c3606030d8eb6932b858f00400d4e54f7a882bfdbe9442ff446b03515c

  • SSDEEP

    6144:3oABoVhN5dY9XLqY4fdTfP4wTtbmHao5QFGKBy75bC31:shDC5LqYilwwxbmHaoyFtBy75G31

Score
10/10
rhadamanthysdiscoverystealer

Malware Config

Targets

    • Target

      de_rh.exe

    • Size

      439KB

    • MD5

      4d8c17ce240224e3db7e1477b1de6845

    • SHA1

      513fe77b749aface2758bbdfefc8f1ae9e75c654

    • SHA256

      a871bde353ec15742bb456b550c0d24a7d6687320a62ffcd24e6338474e3c225

    • SHA512

      ba65cc7554a58f4703f10d6c14f02aa72b513da97f065bbf38e06494e9fa7a75d12323d67f9f9ecb6f799cdb400862a91a082ddae9d1f11115f9596691091bd0

    • SSDEEP

      12288:1O7k28xC7HMDVBjfbL5S6IZ7OGQN/RutyU3ivG/6t9:+OS6IZ7QN/R8yoaG/e

    Score
    10/10
    rhadamanthysdiscoverystealer

    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks