rhadamanthys | 728dff0eba668befcb91c693b7e9ea49a70b4d5cc4cb0bf9460837cbf58951ba | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

355KB
Sample

240305-zl9xqaha3y
MD5

cfab6075851faadd5de2efc7078979da
SHA1

b430aa030c145c308e34a515600bdbba72c21332
SHA256

728dff0eba668befcb91c693b7e9ea49a70b4d5cc4cb0bf9460837cbf58951ba
SHA512

012e2a09ddc0cc6b10cbacbafa36b887a894d6c342d4a9457999f7682206e6e61acccd0df14cbdcbd8f32aaf236000ad4139a381110ff20aae83d4c65c78dc92
SSDEEP

6144:g2qezd2ab1/RuHk+M3k8M3W7XomjOJCqshrOlumY6DMIewgxQfqbsb:gf2R/EEkCQFYDwRqg

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://www.carssell.online:443/b45c71e9ac60e42309ff71/4ku932qm.1d058

Targets

- Target
  
  file.exe
- Size
  
  355KB
- MD5
  
  cfab6075851faadd5de2efc7078979da
- SHA1
  
  b430aa030c145c308e34a515600bdbba72c21332
- SHA256
  
  728dff0eba668befcb91c693b7e9ea49a70b4d5cc4cb0bf9460837cbf58951ba
- SHA512
  
  012e2a09ddc0cc6b10cbacbafa36b887a894d6c342d4a9457999f7682206e6e61acccd0df14cbdcbd8f32aaf236000ad4139a381110ff20aae83d4c65c78dc92
- SSDEEP
  
  6144:g2qezd2ab1/RuHk+M3k8M3W7XomjOJCqshrOlumY6DMIewgxQfqbsb:gf2R/EEkCQFYDwRqg
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer