rhadamanthys

Resubmissions

23-01-2023 13:41

230123-qzjg9add79 10

27-12-2022 17:22

221227-vxl8ksfd97 10

27-12-2022 17:10

221227-vprhbsae8t 10

Sharing

Copy URL

Twitter E-mail

General

Target

VirtualBox_7.0-Download_Old_Builds_-_About_-_Documentation.zip
Size

45.8MB
Sample

221227-vxl8ksfd97
MD5

af64b7e90c6ab6ab41d30f3560493a5f
SHA1

28395db17798078b1db06514c4ef2a089c3988ef
SHA256

e198a1cf6988b3e8bffa5dec0b28c891c5ef4116c71fbc94d9a68ed9e9b444eb
SHA512

36bc1b46b5dfe174ba742538425261bd2389e535b7e95a8d9def9ef7a6899c70dbec7043775e3f18d05c96988042863c40b95c0acf682a3a4474263430b9dc48
SSDEEP

786432:cFcvFCL49PhTxLca5qMIgaNC8yXFV8QWVbQWV8QkVOQOVwQPVZQl6tFX2NGWN6nh:cFcvFj9DLP5q1rN1QCQRQDQNQ7Ql6tFr

Score

10^/10

Malware Config

Targets

- Target
  
  VirtualBox 7.0-Download_Old_Builds - About - Documentation.exe
- Size
  
  727.0MB
- MD5
  
  8d10972d8f4c00b6811783823e2e3ec6
- SHA1
  
  f6c86e26b6e55c71a02ee932bb0bae7200feaae1
- SHA256
  
  ab378c4f2a52e1c4a5e199917e37a4d58a4f2c0d7585bb6f68f353d4018aba8c
- SHA512
  
  27636191bd6c1da31cf0fee717c6fd612b2b5aa8b65e9ffa85566852abc6e12860b89baf3e50aeb6b2138a220d3bc737e6fa53b16983de3d04df5a9c239bfb97
- SSDEEP
  
  12288:JgWkSNSTtX+5kOzIGgn/5HY5o8e3Fu3R+ZysWra9PtdBtSt6x4fOddti1ySgJly8:fkSy+510TnDPPvit6x4wi1ySgJlWVO
Score

10^/10

rhadamanthys collection discovery persistence spyware stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Blocklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1
- Target
  
  license.txt
- Size
  
  36KB
- MD5
  
  52e1764b62b94fbf828eb70cf762291e
- SHA1
  
  a2c98b614f392d0d2ceb747c6c63b810b2973c26
- SHA256
  
  36bd9785c82651801b99f68935fd5a0ef5c157473fbf3eb3a2d6d2796d12c84f
- SHA512
  
  d4f45e73a5daf3d62de847fe646ba237c5a3fb0512451caa630613ae51fe007aad073a64b7ac6bb51e0f7c00952c1494d2c5ff9d19b64a38bedef7c504761fe7
- SSDEEP
  
  384:wT4AYkQkEKfZOWpS8F5+CpIddFGWJakAZ1kKK0qWp5EeevvF5oUgNfIddg9kd:wTjTQkEiZbjv6Yv1kKjfgvtHe0
Score

1^/10
behavioral2
- Target
  
  readme_1013790.txt
- Size
  
  566KB
- MD5
  
  1d3951b6b916973b9750b43216bb91fb
- SHA1
  
  fd1abc2670b1d87cb0b0dc1ca0fb3ef289a65340
- SHA256
  
  b128084a842bae5fe997424a0d2dc94c05d7682577338321714862471755af26
- SHA512
  
  fa01c58ab57b81be6189d07f626527eb24aa461a54fdba13f29b46bda6f200430b4a5b4dc79f8f9b2f0886382781b72ae20e3a9392d94905a379cc2bac42b458
- SSDEEP
  
  3072:teKK2lEn4OHoOInTT4bcRtxYdvCOY7D9ct2:cKans/edc7D982
Score

1^/10
behavioral3
- Target
  
  zsys-master/.github/ISSUE_TEMPLATE/config.yml
- Size
  
  71B
- MD5
  
  d31ac1366f42fd6ec8109d9f3ea7942a
- SHA1
  
  e09d87e6a2433ceec5eeae0f0e322ff392eed73d
- SHA256
  
  a9904082627b89e5270206d3d3e4550e4e8b842c2c2274d433e9742e8f8e2500
- SHA512
  
  7402feacb398a74951dc4a1eecc11521a241e60b5502e6e618a5df4f3b77585d7687405e157e77e93c2532279cb28b58e1078814212c994069911cf7b264cd22
Score

3^/10
behavioral4
- Target
  
  zsys-master/.github/workflows/auto-updates.yaml
- Size
  
  3KB
- MD5
  
  8931f68c9219b082cb3de73b3b52788f
- SHA1
  
  5b8a03e12d38b2a813b0316918c00ef5aaff438b
- SHA256
  
  c898d5c1eef8678d827becfeff0e25376a4f3af13ed9b301491bf3ff983679c7
- SHA512
  
  0ac0ebf2a265bc75d4c66c3527090086ae691532b0a592d3577efa9729c84068530be5b61032e39924cd7b6f427ba971aaa2022c6fd345855c836a8d93708b35
Score

3^/10
behavioral5
- Target
  
  zsys-master/.github/workflows/commands.yaml
- Size
  
  729B
- MD5
  
  642b760df56dbb75d74a87136210cad3
- SHA1
  
  899a1237b6f90a9bc5133ccd39271d9ad536e302
- SHA256
  
  b9704fa3336af79ab14ed4f3dd9546dc01ba6934dd60414c9b93f1edfe345dc9
- SHA512
  
  ee91d9b06b9ba8acc1b3716eb0a33d5ba09073806074b3724ca81e3bb6386c4831cfbc143415210bdec8f7f2b626eac7b8cbeed4551b97cc37a86c590df6afdf
Score

3^/10
behavioral6
- Target
  
  zsys-master/.github/workflows/repo-quality.yaml
- Size
  
  5KB
- MD5
  
  6ee3b7a8296a77c7cb2170de255e18b8
- SHA1
  
  912af5afb7881f51a24ff830c81135a04d2e905c
- SHA256
  
  b50527730617e9a8a691deaed4e3dd7c93cf861888d9b7cbaafa84fe4890610e
- SHA512
  
  78ad4a88bf99792afbb9899cce02a3ce89fefffac38eee2eab43ebc4da0201d8c4b6ee9feb282da990fc99a07e341faeba5ccdca63bb1b15e4ddf4a4bde2518d
- SSDEEP
  
  96:vy+NUx+f+ynEpA2fyWB8qrhLwy1YG9yyA6wyZMTQYVlGe4tXBkIX9leIdhJ1:vy+NuducBjj26SxotFlTdp
Score

3^/10
behavioral7
- Target
  
  zsys-master/.gitignore
- Size
  
  363B
- MD5
  
  aebeb236fcd050aaa2620c6c9fa7a711
- SHA1
  
  96dbd9f077ec95c03a0dcc65748accc794191e87
- SHA256
  
  6c03e319cabb39954fd6e23acea8e70e1f39eea82e7a195f51cd8bb6b9a13198
- SHA512
  
  c1c715e6b1c535c820a389a9138c5ad528750b696887dde8301e19c3dcbcec0fa235f4c8556f06c8537a1515bd6d66448287c221eefc9a40aea10ea1bd4e2a91
Score

3^/10
behavioral8
- Target
  
  zsys-master/cmd/zsysd/client/userdata.go
- Size
  
  3KB
- MD5
  
  061616e4f0f9ce146562de1f02c563f6
- SHA1
  
  fef72fc1a866b09b6b85f7e4db8801f9c9aaa348
- SHA256
  
  e1ab9e00301b17961e4b7f94b7f9407f6b19b0b914db5025f036066340217632
- SHA512
  
  4c65e27dba20da75d55229af74a583e18fb7d3e2cf4c5f0607a00065f9b4a33e731c3db28f4a5a02ba09e84d287fbb5f22b776c3e013d36b27e26084e51ad6bb
Score

3^/10
behavioral9
- Target
  
  zsys-master/cmd/zsysd/client/version.go
- Size
  
  1KB
- MD5
  
  658a6e7482ecf7d8994422e76052aea9
- SHA1
  
  b0fd47256b29a4ad235a8e51de713f943c46e1f8
- SHA256
  
  596946560765899b44f55c7415cb9e0cf1704d214c0fcb0359673c825dabfb63
- SHA512
  
  08042805f8585a2a0e5975c890f6871a7ee38a82e0bd2d743fdce568ce0f1db5b198d4d7151f931f0040fc0c9a238787efcc9f87eb1a67de93bfbcb40fe6ff53
Score

3^/10
behavioral10
- Target
  
  zsys-master/cmd/zsysd/cmdhandler/common.go
- Size
  
  705B
- MD5
  
  9c0fafd28986b7e41cd4d9dfd63c9486
- SHA1
  
  1e55ec8f76c8256674ce15cda6a120a075d26c41
- SHA256
  
  f35816d51eaab8d8aab2cb1105905deafc06f7bae63f8efc8fe8d8e8cd8aec1a
- SHA512
  
  0602cc44f289e71e73f7c3bf4f719a99fd05073177b38c2dddbb7277cadf911b67251e5a174735dae0dea07a50e957f23cc52db4a7572077bc0961bf210ce6fd
Score

3^/10
behavioral11
- Target
  
  zsys-master/cmd/zsysd/cmdhandler/suggest.go
- Size
  
  2KB
- MD5
  
  9ea7a69a0261245e42071941ceac4a4f
- SHA1
  
  d3e44d7bb073704c1b1aca571d3888c4c6aabe97
- SHA256
  
  7d7b47a444bf6f60661b08b7ddf2854d4256aad1f4ec2034b667738e89a19ac1
- SHA512
  
  1c5267c6dfd723f38c3df6f229293bc6d139162a6c50c41c1ee894a00acdbc7597a200b03410d6b23f4a35b27b448ce67ed5351cdb3876186bbb87c9360a5cac
Score

3^/10
behavioral12
- Target
  
  zsys-master/cmd/zsysd/daemon/zsysd.go
- Size
  
  1KB
- MD5
  
  3146e54f56c714926348c3219dbfa792
- SHA1
  
  fede1277cb39e75eb48e8e4926a58cc5838eb237
- SHA256
  
  63138d5228817bf08f010ceddaacf6d8b689b92bb83a0ddecd3c2bae25886760
- SHA512
  
  9fba4dc876197a2d52159f291f2b04100bb700f490312648f88c04e06673e3600edfe0fa006378fdaa194886d9c0cb6630c02eabc309ceed4f0042bf11e483a5
Score

3^/10
behavioral13
- Target
  
  zsys-master/cmd/zsysd/main.go
- Size
  
  1KB
- MD5
  
  5766d5d0c3ebe2b01c7b16e2e9e07774
- SHA1
  
  8002c8f08d6bb23925ada614179989ca9e3722b7
- SHA256
  
  4233037e4ad872ffb8496b4755b900f70498a2a7d34aafc2ad85ebc9fc543762
- SHA512
  
  8c9bb049dac89a16fc7a33352700a90effb034e3437bc5f5a9a2573d2a2092bc621b1d3ffa1de90640808d563648f804940fa785ffb7dcc74edf05f7adbfe7cc
Score

3^/10
behavioral14
- Target
  
  zsys-master/internal/authorizer/internal_test.go
- Size
  
  4KB
- MD5
  
  1ec4712a78b7cfad46d9449131a74b12
- SHA1
  
  d940df58908d6ba60462d706822f5998d9ed240e
- SHA256
  
  747801d59ed76b3080a1eaf60ce4490098963446405e5adb6dc63408cdc3f37d
- SHA512
  
  1ee4d82cfaa1764c0f76655a80097f703a5a7fe151683c42ea4ef0eb74997cdd2b3170d110c9b68a4a931ff24ec89050ed2b2352cd9a430a83906a66aafa1e4c
- SSDEEP
  
  96:cO3yRofoyxGD5wb2yeOe6OoDq3Hx+CGGPKCBsbvxYZ:cayAOD6QRN9oQRExm
Score

3^/10
behavioral15
- Target
  
  zsys-master/yaru_widgets.dart-main/.github/PULL_REQUEST_TEMPLATE.md
- Size
  
  351B
- MD5
  
  7f07e26e55e8ade43003417a2ccedbca
- SHA1
  
  a73fe7273b9e2272dd0851e44389112305460b2c
- SHA256
  
  7b6d4b10a7b00a2f94dfbc4b149f5e56c71a18d720387e967607ed8afb95cfcc
- SHA512
  
  b28573c0f977c830bad6dd5397fad3032cbed051d09c7884c1c35cf0a7c78519757724d3e2af822e058161127e7baf7f84ddf55869d3cbf1497394b385945260
Score

3^/10
behavioral16
- Target
  
  zsys-master/yaru_widgets.dart-main/.github/images/screenshot.png
- Size
  
  126KB
- MD5
  
  d401807b8c5e83a5258df0365d8326b8
- SHA1
  
  189caf74e445acab2a04d4cace4fb90028403fe7
- SHA256
  
  ebf2c8cd125f08ed46abbf525654bae55f9dd64a5c8f3b7d21004e3a188f01c6
- SHA512
  
  a29df3df4f11d183ac2fdafd41a40c2180897ed34ff5b2dbd9dcd2ef2ea3f6f18801928e6a75bad2d451f5959391cabb819f2b4c3eba7a284bfe3458038be9a7
- SSDEEP
  
  3072:01Yp/kBnbisjEV74COA+omgz+Bx+erFokDv7aDrrslyT:aYpsBFEVvOAUBxXiS7aDP9T
Score

3^/10
behavioral17
- Target
  
  zsys-master/yaru_widgets.dart-main/.github/workflows/analyze.yml
- Size
  
  408B
- MD5
  
  5ac335fbfab4670229dbf992d974aef8
- SHA1
  
  35665706dec19f8c964be8edd95466f1b2701b73
- SHA256
  
  8f7daa6a72b5f5cbb6b1c840b50a004f1da8f3346257f72176e731aa4d878132
- SHA512
  
  e873afd63f763d7c9cfd5df2cc75f92907d857295b4b1b85073ebe4d60ebe0ea7b6366740e8419eecaa0e43716b2a64c1153b45a76862c55b9eaa639aa8c8c69
Score

3^/10
behavioral18
- Target
  
  zsys-master/yaru_widgets.dart-main/.github/workflows/build.yml
- Size
  
  737B
- MD5
  
  8f4d311d05e521187eb6d05604db979a
- SHA1
  
  c74181c6d5275742d46372567bff65aa951bf7c9
- SHA256
  
  32116b6c6969f213ab9cdfb0f300b2e31313f70fe6b1ca9ebaaeef582eed3abb
- SHA512
  
  e1d03c70af3ad585e6b2427926ea3e71de97d80aef02122cf6bab5afa28c5e041288d8c2b19ff585a989486332e323cd50e6c86f45f5b4a5aaf25622cf480969
Score

3^/10
behavioral19
- Target
  
  zsys-master/yaru_widgets.dart-main/.github/workflows/format.yml
- Size
  
  421B
- MD5
  
  1cb9ba96871947fd8add463ee75b87df
- SHA1
  
  e099525965d9359fb7be3f88e6e83b2d2187e88a
- SHA256
  
  12e80dd40d15b3443fd1d62b96531e3690347f5e1eb66e89818da982088e9d34
- SHA512
  
  10acccf332c8bf7078d79e6166efc5d3866fa45f354c9f3304551091f4e24d9ab9f076b40ebb33770c24ba8de78848e7c328d639491d52abc37b6aa628a39b8d
Score

3^/10
behavioral20
- Target
  
  zsys-master/yaru_widgets.dart-main/.github/workflows/publish.yml
- Size
  
  453B
- MD5
  
  92a97a7cca296cba2296d96776453e91
- SHA1
  
  2fca1c883f404e4976cb110f6ea969bed2494a67
- SHA256
  
  ab23ecdaf771177d7b74c5c6f5d9b83c30430e69ce03e21bf3a71e5a373aee45
- SHA512
  
  69b2495f57811ae430fc766364468bdc2dd9e3c5cf0913843018c7d1a734607082c18908b018ddfb39ffc3625de55912b6238e23d04e8987ac42b4fbdf800dea
Score

3^/10
behavioral21
- Target
  
  zsys-master/yaru_widgets.dart-main/.github/workflows/test.yml
- Size
  
  316B
- MD5
  
  ae2e3aea8142c6cc1cc20d417dc14b3c
- SHA1
  
  90197ffb3ae83c6a64d79b64268404ed94f658e6
- SHA256
  
  662500964152fb4cff240ea5a6631d299ad19847dc365306b7d0ad9982821e89
- SHA512
  
  320f414cc7440571b308124e14a98a3838fc6970039ec5a85edad1adede46095400fc358175c1580d60d69c4ea292181f9896d37a476478120c03c1c6ff41cc4
Score

3^/10
behavioral22
- Target
  
  zsys-master/yaru_widgets.dart-main/.gitignore
- Size
  
  903B
- MD5
  
  c0d55cb6c64a59dc9857665ef0205607
- SHA1
  
  984876e125028f7287f86884ad10679b8cd247cf
- SHA256
  
  6fd3379a59ca466fcdfd55227369689fc65187ba54b25d8d9b24358be406dc50
- SHA512
  
  860a9861dace30efa74f927dc38442ff3342c85f5d33063cb6981fef43fcb034e5449eb424f1bd83c1ddf21acbbbb9669c420fe6c5953756cc9f736c66d979a7
Score

3^/10
behavioral23
- Target
  
  zsys-master/yaru_widgets.dart-main/example/.gitignore
- Size
  
  695B
- MD5
  
  e5ddbf26d1f8a453826e75318ed4f49c
- SHA1
  
  61e76a42fe0e96e8bbc946678f63996a547fdbab
- SHA256
  
  81aa696c97e0d13365c7a71bada91e385b3761662320d333f64f6be999281c33
- SHA512
  
  7dbe368ce15611a7ce7cdba87d0e879d1c92d75b992a818bc83dcded15e548adb2d11aa9873129da911cde58f1fc3535af29cd805a9c6d5d66b6dcf266268b20
Score

3^/10
behavioral24
- Target
  
  zsys-master/yaru_widgets.dart-main/example/linux/.gitignore
- Size
  
  18B
- MD5
  
  512dc82cc7c62f40b1e946232def5a13
- SHA1
  
  cf4f48a05192c4b17f4e92c45fdcf649e1af2c46
- SHA256
  
  5ded4f1a9d10d34bf6ee5beb0711d88ee2ef07b0f07ace9ed77935a246e8eb82
- SHA512
  
  cc0a0c32a23f97c03d5c7148470c28f706e49cdde546295f1cf40df10c549619c0a88ad5de92e83046f5c34ce032c10ed2d730f903a08a4aa213f15a8fefa759
Score

3^/10
behavioral25

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Detect rhadamanthys stealer shellcode

Blocklisted process makes network request

Loads dropped DLL

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Adds Run key to start application

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25