Overview

overview

10

Static

static

3

fc9b74df3d...fa.dll

windows7-x64

10

fc9b74df3d...fa.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc9b74df3d6b4881b360c1708000acb92186baa9eed140bc0724cac1f3f640fa.dll

  • Size

    30.4MB

  • Sample

    250204-ffgt7swlav

  • MD5

    7527d6f4b89695fa80819b9f1121f8b6

  • SHA1

    a672f37c1b5514a96bf6bcb0d447bc8f4408fa19

  • SHA256

    fc9b74df3d6b4881b360c1708000acb92186baa9eed140bc0724cac1f3f640fa

  • SHA512

    dcd124ac0a1036d34be93818195b3ed586e675ce757008379017e704b5fc7d6dc8b25f81692ad7004b696c302bec19471302cc146002f576c0cd49b6a3bbbfc3

  • SSDEEP

    393216:Se3INPM39JWBqsr7+0Xx93by0WWZ2z8BCBkYplJIdqLV:SeYNM39JWBFrVx93bdZ2k8OdqLV

Score
10/10
rhadamanthysdiscoverypersistencestealer

Malware Config

Targets

    • Target

      fc9b74df3d6b4881b360c1708000acb92186baa9eed140bc0724cac1f3f640fa.dll

    • Size

      30.4MB

    • MD5

      7527d6f4b89695fa80819b9f1121f8b6

    • SHA1

      a672f37c1b5514a96bf6bcb0d447bc8f4408fa19

    • SHA256

      fc9b74df3d6b4881b360c1708000acb92186baa9eed140bc0724cac1f3f640fa

    • SHA512

      dcd124ac0a1036d34be93818195b3ed586e675ce757008379017e704b5fc7d6dc8b25f81692ad7004b696c302bec19471302cc146002f576c0cd49b6a3bbbfc3

    • SSDEEP

      393216:Se3INPM39JWBqsr7+0Xx93by0WWZ2z8BCBkYplJIdqLV:SeYNM39JWBFrVx93bdZ2k8OdqLV

    Score
    10/10
    rhadamanthysdiscoverypersistencestealer

    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks