General

  • Target

    tsle.exe

  • Size

    120.0MB

  • Sample

    250202-snp7rsyrck

  • MD5

    9739a3d255750bcdd5fc80b4447c909c

  • SHA1

    e4b1a4901b0d8c3a5a9bde04d38c1157c1eff112

  • SHA256

    8ede4a06d9bcc42d970740c07a1181736be1820485c6f8eda71053fccceb52f2

  • SHA512

    5c08fbea5760fd0b99fad1108fdbc4c28fb036791d63e41949935e69931a09003adf49bd1e611f6e6a5e2fa33b329cfdc187683cf139551c505e007a8b5a29a3

  • SSDEEP

    49152:ef9dFOSf+xM7FDT9TRu1vDTWyEb8twESl:eASfrFDl45DTwmXSl

Targets

    • Target

      tsle.exe


    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Rhadamanthys family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry; likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist
