rhadamanthys | 9a44c666e5abbd216aaad1d78ea84dba7526b3f613c7f3396ddd1a810e9b0356 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Framework.exe
Size

578KB
Sample

240107-219avahae6
MD5

df3d18ab3304798f929cf38c63ec60a8
SHA1

1275c1d5fb2c58137394408dc9804db8abd581a3
SHA256

9a44c666e5abbd216aaad1d78ea84dba7526b3f613c7f3396ddd1a810e9b0356
SHA512

77e0373495e27e260f069fb06447aeb0313b0fcb7cbaca1cefd8ddb72b08268399b5cc1120aa3d0a623f86990674f41463334eff646792e18a05b06ed3ec0315
SSDEEP

12288:h5n0b8WEVi3Qyq2hC3rJjKhRWjYFbL0x0hjRue6Y0LZt:h50b8/i3QyqIC7GRW0FcC1Ruep0N

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://91.92.245.204:9018/877499f67c08d1b4/ni7gm4nn.aus8f

Targets

- Target
  
  Framework.exe
- Size
  
  578KB
- MD5
  
  df3d18ab3304798f929cf38c63ec60a8
- SHA1
  
  1275c1d5fb2c58137394408dc9804db8abd581a3
- SHA256
  
  9a44c666e5abbd216aaad1d78ea84dba7526b3f613c7f3396ddd1a810e9b0356
- SHA512
  
  77e0373495e27e260f069fb06447aeb0313b0fcb7cbaca1cefd8ddb72b08268399b5cc1120aa3d0a623f86990674f41463334eff646792e18a05b06ed3ec0315
- SSDEEP
  
  12288:h5n0b8WEVi3Qyq2hC3rJjKhRWjYFbL0x0hjRue6Y0LZt:h50b8/i3QyqIC7GRW0FcC1Ruep0N
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer