General

  • Target: B-O-S-T-R-A-P-E-R.exe
  • Size: 1.3MB
  • Sample: 250206-1317ksynby
  • MD5: 6b2997fc7396a92dba36300b22919eb5
  • SHA1: 668b7686960603f860850fb3b4717bd339557784
  • SHA256: b3372fca3eb452875f5627f99b6c963684102a0f09f1fefd604f153de24b6ea7
  • SHA512: 6eddc2191c1859e5fe6a0045dc1797ef40e07760430662380c25e760fe45879a1c7f0ffa940154fc37f6c8e6b0017c66ed2b210f897739d6cefba2729764af51
  • SSDEEP: 24576:+zIp4NTME223+C0S1/B8TlsPPU++BoAunC6XtANU0poZslGtZ6GltIF0IU+LB:fdElzp1yTG3h+5uC6qxJQH57ImIJLB

Targets

    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Rhadamanthys family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist