General

  • Target: ae6f44044beb60448adf3d9560d48cdff509a036990d7553b9213681d2eb01b9.zip

  • Size: 9.5MB

  • Sample: 250403-scvm4sx1dt

  • MD5: 1d7647ee1104052200924d036b1713e8

  • SHA1: 0c4c2c71f0c13ffb2fdc3e2b0aa0c0c02814acf8

  • SHA256: ae6f44044beb60448adf3d9560d48cdff509a036990d7553b9213681d2eb01b9

  • SHA512: 4bb40a8c173ed4cf792826bea9f24a7772b104a9d185cacb514f45cf0d24e9ddc68880e25d062eaea7c5fc315ce8f70204b6f8fb8dd397e99a49cf994251f8c7

  • SSDEEP: 196608:anZoXVKc3QRm1xkxI0YEx5PFyAGstI76twpjOySzjHe31JCd0r:aZ4VKc3QwxkgExpAeObpjxSzj+3E8

Malware Config

Extracted

Family: rhadamanthys

C2: https://195.85.250.221:4827/dd66d96a09e5b9d57/a69a5xng.g9hd2

Targets

    • Target: talkprevailingpro/talkprevailingpro.exe

    • Size: 9.5MB

    • MD5: d6ec984243c2f7d64fdb68dfc869db58

    • SHA1: c42b45be65803b5aac2f517cf1c08972567ea3ad

    • SHA256: 5aa1ff83735375676ef3d2261890a73a0bb55dc14527c36f56c485280c42d511

    • SHA512: fd1834e21e68abab054b36f6064acdaa4409b57d90999b8f501a323a0185bdb5d2dfa2deffdd985d5911f4d584853ae76e3bfcda3a3bdf0ddd8dcdfc040d2c56

    • SSDEEP: 196608:N5PaXTK8B8hKljsx8YmGNTNFC0eoPa1AZiXNaaM7hZgLLTYZGq:NZCTK8B8qjsIGNBwcyxXNfM7huLg5

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Rhadamanthys family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks