Overview

overview

10

Static

static

1

YouTubePar...25.msi

windows7-x64

10

YouTubePar...25.msi

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    YouTubePartnerPolicyUpdate-Feb2025.msi

  • Size

    4.0MB

  • Sample

    250327-3ayxvs1qz9

  • MD5

    d96d9b0b72cafb9650a38844082e3429

  • SHA1

    89e5fca28a4c11249672e0d9c25c3cb6c1ece301

  • SHA256

    89676715c9429098e3e34a0ce0122d19d52e90153971c31665500f77c937daf6

  • SHA512

    9dbceaa6136b139a8d0e6c2aafeee8f3908fd8ea984e72e1488a6a0cddefb9753380814e7f7f029d65f0150ecaa3ab59cf78a0554a4cc9016c790d942e80a810

  • SSDEEP

    98304:cXN4t7ieVigQEVcZsa/EBCmf725w8MPUTO/7od9D:EN4ttiglmZs/72e8XyS

Score
10/10
rhadamanthysdiscoverypersistenceprivilege_escalationstealer

Malware Config

Targets

    • Target

      YouTubePartnerPolicyUpdate-Feb2025.msi

    • Size

      4.0MB

    • MD5

      d96d9b0b72cafb9650a38844082e3429

    • SHA1

      89e5fca28a4c11249672e0d9c25c3cb6c1ece301

    • SHA256

      89676715c9429098e3e34a0ce0122d19d52e90153971c31665500f77c937daf6

    • SHA512

      9dbceaa6136b139a8d0e6c2aafeee8f3908fd8ea984e72e1488a6a0cddefb9753380814e7f7f029d65f0150ecaa3ab59cf78a0554a4cc9016c790d942e80a810

    • SSDEEP

      98304:cXN4t7ieVigQEVcZsa/EBCmf725w8MPUTO/7od9D:EN4ttiglmZs/72e8XyS

    Score
    10/10
    rhadamanthysdiscoverypersistenceprivilege_escalationstealer

    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks