Overview

overview

10

Static

static

1

URLScan

urlscan

https://www.youtube....

windows10-ltsc 2021-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa2RHQmw2eHZCVUNHRFl2b2FVb1dQNXR6MDVMZ3xBQ3Jtc0tuaXlnZkhPekFnZlFOWTJUdU9NS3NjbkF3dE5UdlZIelBJNWdSRHR5eWdPZW5hVURtTUIzQ09QcDY3ZFNBVlNtWVB2eGNtVTF4eVRUXzVHTEl4WXQzSVVJRFhkNU1kMFFUOGpBRFZ5Y1g0V192V1NnOA&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2F85txqbn671ucv%2Frbscrpt&v=QyV5jYyv6Uc

  • Sample

    250204-ac87dszlfp

Score
10/10
rhadamanthysdiscoverystealer

Malware Config

Targets

    • Target

      https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa2RHQmw2eHZCVUNHRFl2b2FVb1dQNXR6MDVMZ3xBQ3Jtc0tuaXlnZkhPekFnZlFOWTJUdU9NS3NjbkF3dE5UdlZIelBJNWdSRHR5eWdPZW5hVURtTUIzQ09QcDY3ZFNBVlNtWVB2eGNtVTF4eVRUXzVHTEl4WXQzSVVJRFhkNU1kMFFUOGpBRFZ5Y1g0V192V1NnOA&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2F85txqbn671ucv%2Frbscrpt&v=QyV5jYyv6Uc

    Score
    10/10
    rhadamanthysdiscoverystealer

    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Enumerates processes with tasklist

      discovery
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks