rhadamanthys | 9e495b41518154b5c5cb3fff866aa26c894adf164b2639f05ba23bb5e75be5ef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9e495b41518154b5c5cb3fff866aa26c894adf164b2639f05ba23bb5e75be5ef.exe
Size

1.0MB
Sample

240309-dxk7vada6t
MD5

2366f34130db5f39d0d5255782974392
SHA1

6323dd08850cdea997298f91f74078cf0c8e78a2
SHA256

9e495b41518154b5c5cb3fff866aa26c894adf164b2639f05ba23bb5e75be5ef
SHA512

e1a86be3970385627fd110d18a9ba56034cd601c046dbcead2bb5e1e4d0b665c8693c2a0cbd15b3f373b4c018579114640c6d0d0de41081cabae1e424c580803
SSDEEP

12288:zN7PaOir036Rc10z4JXP+H6oZjkg6aYGCPYx+f7W7ufszMIRVRHqz7Iqse4sIQeI:zN7JE0Q60zOWHrYgsGCT7nfKJTe1NTp

Score

10^/10

rhadamanthys stealer

Malware Config

Targets

- Target
  
  9e495b41518154b5c5cb3fff866aa26c894adf164b2639f05ba23bb5e75be5ef.exe
- Size
  
  1.0MB
- MD5
  
  2366f34130db5f39d0d5255782974392
- SHA1
  
  6323dd08850cdea997298f91f74078cf0c8e78a2
- SHA256
  
  9e495b41518154b5c5cb3fff866aa26c894adf164b2639f05ba23bb5e75be5ef
- SHA512
  
  e1a86be3970385627fd110d18a9ba56034cd601c046dbcead2bb5e1e4d0b665c8693c2a0cbd15b3f373b4c018579114640c6d0d0de41081cabae1e424c580803
- SSDEEP
  
  12288:zN7PaOir036Rc10z4JXP+H6oZjkg6aYGCPYx+f7W7ufszMIRVRHqz7Iqse4sIQeI:zN7JE0Q60zOWHrYgsGCT7nfKJTe1NTp
Score

10^/10

rhadamanthys stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $TEMP/Compound
- Size
  
  280KB
- MD5
  
  d63c5479fd18f86817d489744a338751
- SHA1
  
  82385a52bb5485fab0a3d1e7f9a3661bf35d3098
- SHA256
  
  3f7aa56dfd875ebf6e3aa86be897f65302f88e4022cf2dc984fdb4ac9cff0037
- SHA512
  
  da8a157239ef59e683b2ad06492136cfc52550af0947bb812fc7795f02ab0e09cf510b701a9e247b0ec197879028778a0af8daf01589d1a53090aa4f91bf0361
- SSDEEP
  
  3072:DCV26MqgQTc5F446iYNpK5SB7BJBzLZDKJtIs8di/37EM/j2xQeixApVIa0/vidT:Di2VWTyFsJ8gNJBnGtINsegA/12vk6G
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysstealer

behavioral2

rhadamanthysstealer

behavioral3

behavioral4