rhadamanthys | f4de4f89d51790fbcc5e69d1daec304ac0433179973bfcb1828c8691a0dc5e84 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

1.msi

windows7-x64

7

1.msi

windows10-2004-x64

Sharing

General

Target

1.msi
Size

680KB
Sample

230806-19mb1adg5x
MD5

3035101d044a4425dbd5a523ace428c3
SHA1

f08ecf54bb93077fc32cef5f6915ce569e38bed1
SHA256

f4de4f89d51790fbcc5e69d1daec304ac0433179973bfcb1828c8691a0dc5e84
SHA512

d60db29c92f219c9f69debc1ad1c50cf74b858c2e9e2bd4ed00f2bb6e1e9c8bbf7e9240ec11cc7e46cafc2a0651a462f2c6c1c42824b913bedf747a1b1dae9d0
SSDEEP

12288:z6hgTBOyy3AhX+JP4OduQDNZ4hxUxBjcyHnUaK6BpefgRY1bHzv7F/EfO:W+dIu+zduQDD4hxUYy0Z6B4flbHLtEW

Score

10^/10

rhadamanthys stealer

Static task

static1

Behavioral task

behavioral1

Sample

1.msi

Resource

win7-20230712-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

1.msi

Resource

win10v2004-20230703-en

rhadamanthys stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  1.msi
- Size
  
  680KB
- MD5
  
  3035101d044a4425dbd5a523ace428c3
- SHA1
  
  f08ecf54bb93077fc32cef5f6915ce569e38bed1
- SHA256
  
  f4de4f89d51790fbcc5e69d1daec304ac0433179973bfcb1828c8691a0dc5e84
- SHA512
  
  d60db29c92f219c9f69debc1ad1c50cf74b858c2e9e2bd4ed00f2bb6e1e9c8bbf7e9240ec11cc7e46cafc2a0651a462f2c6c1c42824b913bedf747a1b1dae9d0
- SSDEEP
  
  12288:z6hgTBOyy3AhX+JP4OduQDNZ4hxUxBjcyHnUaK6BpefgRY1bHzv7F/EfO:W+dIu+zduQDD4hxUYy0Z6B4flbHLtEW
Score

10^/10

rhadamanthys stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rhadamanthysstealer

© 2018-2025

Terms | Privacy