General

  • Target

    modest-menu.exe

  • Size

    150.0MB

  • Sample

    250205-y7j3rasrgr

  • MD5

    0dc0df7f665999bf4f5f925fb8e29d17

  • SHA1

    d1f85a67e6fe4fd57cc87fc9b0cfe1f44bb2b7fc

  • SHA256

    0f991b399e9957f3f04fb04adac413d95433aa7b52694cfc416f38d946854738

  • SHA512

    adf1377238d887e3e0bb9f23318862647e8fbda4c55640ec5b56533c9aaf9ee93d787bda13bf7e131c40bccda175f1d5057e008ebb0763a16be3b0ab8abed425

  • SSDEEP

    24576:/nhVSVjJRWKDcdiKsBI0Qa5KnsBpTMTcKE9B9tz+Ugk0H/n31h:ijJR6OyQL9B9+k0HPlh

Malware Config

Targets

    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Rhadamanthys family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15