Overview

overview

10

Static

static

3

709cbb4597...1c.dll

windows7-x64

10

709cbb4597...1c.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    709cbb4597154816bd82e8043ce9025371dbffcf84bbe323ab5fc0bc26aa261c.dll

  • Size

    39.2MB

  • Sample

    250204-envwcsvkfz

  • MD5

    065ba31c88287283ea37b963c29843a5

  • SHA1

    1dd0fef2b44cf95776439c2e34b0306c031a8ca5

  • SHA256

    709cbb4597154816bd82e8043ce9025371dbffcf84bbe323ab5fc0bc26aa261c

  • SHA512

    3d167e4f89a9a92c909ca404d2db30b564dee2a91f0cd04d46e6bef175943d0e38d2cbd12910b68cd20398dbf30730129aed4fc1d6ae0c7ae3fe2992b7e5ab4f

  • SSDEEP

    393216:xe3INPM393Bqsr7+0Xx93by0WWZ2z8BCBkYplJIdqpLfX:xeYNM393BFrVx93bdZ2k8OdqpLP

Score
10/10
rhadamanthysdiscoverypersistencestealer

Malware Config

Targets

    • Target

      709cbb4597154816bd82e8043ce9025371dbffcf84bbe323ab5fc0bc26aa261c.dll

    • Size

      39.2MB

    • MD5

      065ba31c88287283ea37b963c29843a5

    • SHA1

      1dd0fef2b44cf95776439c2e34b0306c031a8ca5

    • SHA256

      709cbb4597154816bd82e8043ce9025371dbffcf84bbe323ab5fc0bc26aa261c

    • SHA512

      3d167e4f89a9a92c909ca404d2db30b564dee2a91f0cd04d46e6bef175943d0e38d2cbd12910b68cd20398dbf30730129aed4fc1d6ae0c7ae3fe2992b7e5ab4f

    • SSDEEP

      393216:xe3INPM393Bqsr7+0Xx93by0WWZ2z8BCBkYplJIdqpLfX:xeYNM393BFrVx93bdZ2k8OdqpLP

    Score
    10/10
    rhadamanthysdiscoverypersistencestealer

    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks