rhadamanthys | abba901a7ae18e26509ee0e4031a1d1db2387cbc0d0befcb8e13bfdcb3aab4e2 | Triage

Submit
Reports

Overview

overview

Static

static

1

a54493e71a...1f.exe

windows7-x64

3

a54493e71a...1f.exe

windows10-2004-x64

Sharing

General

Target

688774feec1cc9685acaece804dc7a26.bin
Size

1.2MB
Sample

230317-h9kt3agh2z
MD5

ce20e511e2313972993b4c42a79d164a
SHA1

bfbfc85a0797c4976b8ceb76f2a0a7cea6644463
SHA256

abba901a7ae18e26509ee0e4031a1d1db2387cbc0d0befcb8e13bfdcb3aab4e2
SHA512

450259377d86c9426716228ce8d95a3426fe8180b9de87e4a10ee4b44656fb6d3db25ee0824be29e416138b636a134817bdb80db0e083bdf8904b567221ee647
SSDEEP

24576:e+gPO2lsqTdvzIx5XLNvdH9bBQdGg/bwPB4upBHlmH47er8k:e+edsqq5F7QbsHMWe1

Score

10^/10

rhadamanthys stealer

Static task

static1

Behavioral task

behavioral1

Sample

a54493e71a7f28fe61e607ba4c089ada71e13ff9e1df6cef5619a4163e2b0a1f.exe

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

a54493e71a7f28fe61e607ba4c089ada71e13ff9e1df6cef5619a4163e2b0a1f.exe

Resource

win10v2004-20230221-en

rhadamanthys stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  a54493e71a7f28fe61e607ba4c089ada71e13ff9e1df6cef5619a4163e2b0a1f.exe
- Size
  
  2.8MB
- MD5
  
  688774feec1cc9685acaece804dc7a26
- SHA1
  
  68afac92caeb49c2bb96970138738844aa7b8f99
- SHA256
  
  a54493e71a7f28fe61e607ba4c089ada71e13ff9e1df6cef5619a4163e2b0a1f
- SHA512
  
  68467b861e163b4b0ff7477c3c780eb3141ae069e8145431798576a1da74347b0da6fa0a0ad19defc3e0d29bdfb29240bffa12ef2d1904697a6e52f965da041a
- SSDEEP
  
  24576:oafQKgqtAyrUFdRZTbwcXE1Rw2qs9kpu2ny/v/LtGZsYjot0+iEzyLU/E5h8bV2:oNwcXFoaU/E5h8bKlsyKqiB8tFg
Score

10^/10

rhadamanthys stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rhadamanthysstealer

© 2018-2024

Terms | Privacy