rhadamanthys | f17b2ecce5a84b6c0a34cd138bfd975d36d6ec1e365cfbef79b463a97ad375e8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

a526b69375...e4.exe

windows7-x64

a526b69375...e4.exe

windows10-2004-x64

Sharing

General

Target

a526b69375a52ad3b9d8b12468259ee4.exe
Size

91KB
Sample

230307-pny8wshh92
MD5

a526b69375a52ad3b9d8b12468259ee4
SHA1

17b1065d9f8fa646e401312899c9547f5aa088d8
SHA256

f17b2ecce5a84b6c0a34cd138bfd975d36d6ec1e365cfbef79b463a97ad375e8
SHA512

f066fdc73f13201653c998343d2471525e6078ef585a00b8544f7035cfc89d91959a7a58ef298f7d608928995af41b20d5a3b4c191fe5e3382a956d066fd3b10
SSDEEP

1536:yN1KMYorUNWvwZhcZ/OoU33vx+W9RXMivgSeeCBwiQLakuE8JJs:yN1KXlkE33h1weCqiQGkurbs

Score

10^/10

rhadamanthys collection stealer

Static task

static1

Behavioral task

behavioral1

Sample

a526b69375a52ad3b9d8b12468259ee4.exe

Resource

win7-20230220-en

rhadamanthys collection stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

a526b69375a52ad3b9d8b12468259ee4.exe

Resource

win10v2004-20230220-en

rhadamanthys collection stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  a526b69375a52ad3b9d8b12468259ee4.exe
- Size
  
  91KB
- MD5
  
  a526b69375a52ad3b9d8b12468259ee4
- SHA1
  
  17b1065d9f8fa646e401312899c9547f5aa088d8
- SHA256
  
  f17b2ecce5a84b6c0a34cd138bfd975d36d6ec1e365cfbef79b463a97ad375e8
- SHA512
  
  f066fdc73f13201653c998343d2471525e6078ef585a00b8544f7035cfc89d91959a7a58ef298f7d608928995af41b20d5a3b4c191fe5e3382a956d066fd3b10
- SSDEEP
  
  1536:yN1KMYorUNWvwZhcZ/OoU33vx+W9RXMivgSeeCBwiQLakuE8JJs:yN1KXlkE33h1weCqiQGkurbs
Score

10^/10

rhadamanthys collection stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthyscollectionstealer

behavioral2

rhadamanthyscollectionstealer

© 2018-2025

Terms | Privacy