rhadamanthys | 8f3ac756feb4f87207e228da943e9ae2e02f91b9bc5ee1facad58de5f4c1d820 | Triage

Submit
Reports

Overview

overview

Static

static

1

setup.exe

windows7-x64

setup.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

3.8MB
Sample

230403-qbhaaaeh58
MD5

d74f3270099e841625defc0c7a3656f9
SHA1

e05a443ee4e100effb1c7dd3855ad8a13f229769
SHA256

8f3ac756feb4f87207e228da943e9ae2e02f91b9bc5ee1facad58de5f4c1d820
SHA512

c78b2ec29b1c34e2a68df659c60eada012b8c7b09271da22b7254d051c5743ff91755973559a25788e9f841883eed4c1f03a02ee7cfd59f160764e877b77b1e5
SSDEEP

98304:2LruVBlRV18TGJWqfuIedS+EGpF6bX/4Y/XWhUNe+M:4uJn9U/EGibP4YY+

Score

10^/10

rhadamanthys evasion stealer

Static task

static1

Behavioral task

behavioral1

Sample

setup.exe

Resource

win7-20230220-en

rhadamanthys evasion stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

setup.exe

Resource

win10v2004-20230220-en

rhadamanthys stealer

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  setup.exe
- Size
  
  3.8MB
- MD5
  
  d74f3270099e841625defc0c7a3656f9
- SHA1
  
  e05a443ee4e100effb1c7dd3855ad8a13f229769
- SHA256
  
  8f3ac756feb4f87207e228da943e9ae2e02f91b9bc5ee1facad58de5f4c1d820
- SHA512
  
  c78b2ec29b1c34e2a68df659c60eada012b8c7b09271da22b7254d051c5743ff91755973559a25788e9f841883eed4c1f03a02ee7cfd59f160764e877b77b1e5
- SSDEEP
  
  98304:2LruVBlRV18TGJWqfuIedS+EGpF6bX/4Y/XWhUNe+M:4uJn9U/EGibP4YY+
Score

10^/10

rhadamanthys evasion stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysevasionstealer

behavioral2

rhadamanthysstealer

© 2018-2025

Terms | Privacy