Overview

overview

10

Static

static

3

Xsclpdjw.exe

windows10-2004-x64

10

Xsclpdjw.exe

windows11-21h2-x64

10

Resubmissions

29/05/2025, 17:03

250529-vkpsyabn2s 10

20/05/2025, 20:05

250520-ytyc8asjv3 10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Xsclpdjw.exe

  • Size

    1.4MB

  • Sample

    250520-ytyc8asjv3

  • MD5

    9e835b195b462eb8adca07d686440e7b

  • SHA1

    c03bd7b00d733c961aff1b55b2d300932f0f35c2

  • SHA256

    402c20125cc683ad940ebd9e4395cf53f0dc5308726ac0689bd831b2783f24cc

  • SHA512

    e645087981823b30fe63aa40567d01523dc847000e88ddc3402e8b085b55d901a969de400eaaaf3eb6b071b2906ff216de0fe2a106cff8fae5c5504d6a5f9a3d

  • SSDEEP

    24576:q6NEDKi8bT3eYgC3CbZGrdC5cYGKEJSb0ZqYPqQysE0Oc2V8n3eub:TxqC3Cb09YraSiXqpcZ3eub

Score
10/10
rhadamanthysdiscoverystealer

Malware Config

Targets

    • Target

      Xsclpdjw.exe

    • Size

      1.4MB

    • MD5

      9e835b195b462eb8adca07d686440e7b

    • SHA1

      c03bd7b00d733c961aff1b55b2d300932f0f35c2

    • SHA256

      402c20125cc683ad940ebd9e4395cf53f0dc5308726ac0689bd831b2783f24cc

    • SHA512

      e645087981823b30fe63aa40567d01523dc847000e88ddc3402e8b085b55d901a969de400eaaaf3eb6b071b2906ff216de0fe2a106cff8fae5c5504d6a5f9a3d

    • SSDEEP

      24576:q6NEDKi8bT3eYgC3CbZGrdC5cYGKEJSb0ZqYPqQysE0Oc2V8n3eub:TxqC3Cb09YraSiXqpcZ3eub

    Score
    10/10
    rhadamanthysdiscoverystealer

    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v16

Tasks

OSZAR »