General

  • Target

    hoge.bin

  • Size

    621KB

  • Sample

    240614-jgjxqszhkc

  • MD5

    be87ad5596852c9930270778e9eced54

  • SHA1

    34a1842d2fd4dbcdc27b892d18ad920ac9d03826

  • SHA256

    38c17f2c490cee233f17e6484a1f3c25f3bff8d99ea0d6010f720b848d6a223e

  • SHA512

    a16e49beb95f461ff5d4af63017bdcd9844800e8037d43942e28e0a3dfa71ceb0808e5020f955380902fdb4c9887ed6e092cfce9a9cf24f6be2e3e9586dbef04

  • SSDEEP

    12288:zE50GSHrG6W42JcycysY0V3D9wCV+2nXGwnUP345WRgG3OkGGs/Lwmm:o+GSHrG6W42JcychY0FD9wCVBHw3yeJF

Score
10/10

Malware Config

Targets

    • Detects DLL dropped by Raspberry Robin.

      Raspberry Robin.

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

MITRE ATT&CK Matrix

Tasks