rhadamanthys | 988ac9e194dbe48358cb0bc14bb0872b7fb483c4dfdb9ab55d1f0e7f385f52be | Triage

Submit
Reports

Overview

overview

Static

static

dca16a0e7b...f5.exe

windows7-x64

dca16a0e7b...f5.exe

windows10-2004-x64

Sharing

General

Target

8662276816.zip
Size

103KB
Sample

221226-1ep5eadg74
MD5

94a047a183b3e6cf1bf4fcb4ef946de8
SHA1

1fdeefd1fe8a888f6e7ade12f69b334a90485c26
SHA256

988ac9e194dbe48358cb0bc14bb0872b7fb483c4dfdb9ab55d1f0e7f385f52be
SHA512

9c9cfc11d3531e1cc549a30fdba44330e585b95d6fe81c77a089e5675dd5042337454d7eac9da6233ddb36a55eb2881659c3b8ad8d1ab5927def6e0d35fa64e5
SSDEEP

1536:XUejdBEsAw5nL0980WUB3QZwdMcn8Duu+Mz5f2QzyVLh/cPTVpHqI8t/1Onwn:Z5Oxw5nLO80WUBNdM1zkVLpi3Hp8twW

Score

10^/10

rhadamanthys collection discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

dca16a0e7bdc4968f1988c2d38db133a0e742edf702c923b4f4a3c2f3bdaacf5.exe

Resource

win7-20221111-en

rhadamanthys collection discovery spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

dca16a0e7bdc4968f1988c2d38db133a0e742edf702c923b4f4a3c2f3bdaacf5.exe

Resource

win10v2004-20220812-en

rhadamanthys collection discovery spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  dca16a0e7bdc4968f1988c2d38db133a0e742edf702c923b4f4a3c2f3bdaacf5
- Size
  
  149KB
- MD5
  
  221c3bf6b4e3c355fdce087122511fe4
- SHA1
  
  975c36eb0442edd4d42996a3dd554ab36f95ff55
- SHA256
  
  dca16a0e7bdc4968f1988c2d38db133a0e742edf702c923b4f4a3c2f3bdaacf5
- SHA512
  
  edacc09d25e4c9d1d19885abe2fea72aff44e75862d9c3f1aa158edf5c40d635551abb820e89533696a4e9f3664e45c18f112a2a81e94d3badf13ed0b5acbcb4
- SSDEEP
  
  3072:sY8Ah6pPHmZbnjL9/LZHR29C6BoFQ9QQMb7d2Y+lO662kosOgl7A8lhOlAETZeiS:h8AhKvmZbjL9/lHR29vkQ9lMUSnbOgl7
Score

10^/10

rhadamanthys collection discovery spyware stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Blocklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

rhadamanthyscollectiondiscoveryspywarestealer

behavioral2

rhadamanthyscollectiondiscoveryspywarestealer

© 2018-2024

Terms | Privacy