Overview

overview

10

Static

static

3

application.rar

windows10-2004-x64

10

Loader_dll...12.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    application.rar

  • Size

    25.1MB

  • Sample

    250203-wr9mcszqfp

  • MD5

    edf2e86f4c4725a53f745df014fef390

  • SHA1

    a53439c65d2084ea05952894e596b9fbe05abcf9

  • SHA256

    bd81ca8a166107a79709ed9c51850afa8aa4116c1e61b0d1010211464f7e8aa0

  • SHA512

    77f278ca79f16d66d9bc5af3bda2d04bc495a484303e9aa5076ecafa9964e543bf13477fd38d70c4fb84be26cf79c90b40c45656bc52d39c3e91f206dbd40a58

  • SSDEEP

    786432:BuWMpkGNoHrkMIuSBwL6R0Qe9UZdf3gsuMjGOV1:BujpkOoHrkMIuVLZQoUT2M6C

Score
10/10
rhadamanthysdiscoveryexecutionstealer

Malware Config

Targets

    • Target

      application.rar

    • Size

      25.1MB

    • MD5

      edf2e86f4c4725a53f745df014fef390

    • SHA1

      a53439c65d2084ea05952894e596b9fbe05abcf9

    • SHA256

      bd81ca8a166107a79709ed9c51850afa8aa4116c1e61b0d1010211464f7e8aa0

    • SHA512

      77f278ca79f16d66d9bc5af3bda2d04bc495a484303e9aa5076ecafa9964e543bf13477fd38d70c4fb84be26cf79c90b40c45656bc52d39c3e91f206dbd40a58

    • SSDEEP

      786432:BuWMpkGNoHrkMIuSBwL6R0Qe9UZdf3gsuMjGOV1:BujpkOoHrkMIuVLZQoUT2M6C

    Score
    10/10
    rhadamanthysdiscoveryexecutionstealer

    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Executes dropped EXE

    behavioral1

    • Target

      Loader_dll/loaderV12.exe

    • Size

      62.3MB

    • MD5

      8e533e9d973e49f1251a5a5343650130

    • SHA1

      2c94ccaf726d034c426425e6b74755b941880566

    • SHA256

      6465765c30c964f99f3afadb81383993893cfcbb47d4740b368a11e5dc614f1e

    • SHA512

      a03ce278551642f8e615dbf617d6480794909f5648e108644f1db9c5a694a334c6b14ed3bc1b82da65e67e78d2d03f3871335d19116ad4624fdc1e0ca32a0d38

    • SSDEEP

      393216:W5HH6Cms5ku95LoagbWWToiadeqW5ZKwq/2Q3HAswsOjNnFRujVebELXD6uP9wjT:WhH6CmsXV1WpaAPZc2ugV2ebVuP+/

    Score
    10/10
    rhadamanthysdiscoveryexecutionstealer

    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Executes dropped EXE

    behavioral2

MITRE ATT&CK Enterprise v15

Tasks