rhadamanthys | 840ca5b25b6b813b57dcbd26b8d630b92b3b0df46ed8b43133e02ec7fe1cf24a | Triage

Submit
Reports

Overview

overview

Static

static

1

Blender3.4...up.exe

windows7-x64

7

Blender3.4...up.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

Blender3.4.1.zip
Size

56.2MB
Sample

230331-rfynhabb51
MD5

440932a058983b92cc62775dbac55f2c
SHA1

6daff9ca20d9a1d672d5361bb5d3e5c422a89aa9
SHA256

840ca5b25b6b813b57dcbd26b8d630b92b3b0df46ed8b43133e02ec7fe1cf24a
SHA512

8c3fd1d8d2d9890a8b29e74a608d755f29e1b88d13f8e12bc653a730376d48ce35363abc1d07f74ce60b5edbeaedd1344c33783c98a5909b075cfa6ff610d985
SSDEEP

196608:LIPIpUUmXhotinn04doMRT0Slr49+0uTVR:LIPpUmXlnbdoMRD4M0uTVR

Score

10^/10

rhadamanthys persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

Blender3.4.1/BlenderSetup.exe

Resource

win7-20230220-en

windows7-x64

4 signatures

300 seconds

Behavioral task

behavioral2

Sample

Blender3.4.1/BlenderSetup.exe

Resource

win10v2004-20230220-en

rhadamanthys persistence stealer

windows10-2004-x64

10 signatures

300 seconds

Malware Config

Targets

- Target
  
  Blender3.4.1/BlenderSetup.exe
- Size
  
  677.8MB
- MD5
  
  1e8ca54eff24a0c0dd3fde27cc5314ed
- SHA1
  
  169de15d84f2a1db50828fc45408f0fd0879a2dd
- SHA256
  
  4d43ab343484cef19dfde43a7cb377b407c273a2d01afe50293d0c5a370377b5
- SHA512
  
  d4cb0c6b5cd593c155b9416d26650b1e030fd81f320fdb0e4a78baa873843fed54506f5a1068d08d0844c2ef9688f9f5bc1bdd006cb334ff73c6313caebabab9
- SSDEEP
  
  6144:5ahOhmgxeSRE6Tot1wXnzZXFPYXW9/T9sSk3gquDbL8ut:5ikDRTTG1UzjPuWoSig/T82
Score

10^/10

persistence rhadamanthys stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rhadamanthyspersistencestealer

© 2018-2025

Terms | Privacy