rhadamanthys

Resubmissions

27/03/2024, 17:10

240327-vp3klabh7y 10

27/03/2024, 17:07

240327-vnfdnsbh4w 3

27/03/2024, 17:03

240327-vknwmsbg61 10

Sharing

Copy URL

Twitter E-mail

General

Target

SKRIPTGG-FIVEM-main.zip
Size

5.2MB
Sample

240327-vknwmsbg61
MD5

5e65bdca353aeabd62fa725b97e4bcf9
SHA1

045b32c4f5c08e0de0df3a9b519ef5cfa71f5194
SHA256

38c5b0767ba5a3b10ad9a158b3493ae24096c2993994b06783d8f7266e3b4bc2
SHA512

93544f6643222df73bdbb5c8bb08c07f9c595c9c83e8d96066fb73b86d165f1f742bd79e656d5fcc80b4258fd8d566cbb3a44c23fa4e4bb5f5d49a3459dba075
SSDEEP

98304:II/GiwtepY3UjkkABs7ieskoAPS1tgX3Fr1gnzWMbz46Gw2:IqlpY3UtA+GePS1tuunzWtpp

Score

10^/10

Malware Config

Targets

- Target
  
  SKRIPTGG-FIVEM-main.zip
- Size
  
  5.2MB
- MD5
  
  5e65bdca353aeabd62fa725b97e4bcf9
- SHA1
  
  045b32c4f5c08e0de0df3a9b519ef5cfa71f5194
- SHA256
  
  38c5b0767ba5a3b10ad9a158b3493ae24096c2993994b06783d8f7266e3b4bc2
- SHA512
  
  93544f6643222df73bdbb5c8bb08c07f9c595c9c83e8d96066fb73b86d165f1f742bd79e656d5fcc80b4258fd8d566cbb3a44c23fa4e4bb5f5d49a3459dba075
- SSDEEP
  
  98304:II/GiwtepY3UjkkABs7ieskoAPS1tgX3Fr1gnzWMbz46Gw2:IqlpY3UtA+GePS1tuunzWtpp
Score

1^/10
behavioral1 behavioral2
- Target
  
  SKRIPTGG-FIVEM-main/README.md
- Size
  
  383B
- MD5
  
  cb0b4cd4ce17d2d75fa1626447c0ef78
- SHA1
  
  bb26911f880dbb56bbcabd75e249fd861e092f3a
- SHA256
  
  6f353b611f52ff5238c7633de9fb36d90d3e1b29fa34e0ca8a70665520a89768
- SHA512
  
  2047d9afafec24a82152fbc3638cfbd35dcf32cb9502317b0bd7c90f0c7f008740495791583d16668a7ed224a82f8bf9068574706679f0ae147c36b07467bbe7
Score

3^/10
behavioral3 behavioral4
- Target
  
  SKRIPTGG-FIVEM-main/Skript.rar
- Size
  
  4.6MB
- MD5
  
  5ca1a9888343fce41dc19ee85d5728c6
- SHA1
  
  004851b9a5327782dfffc773c7d352c3de6fa341
- SHA256
  
  26ce31dad5149454c39376256c88397b1a2e6c4e8f66b42cbce9f2cd904132cc
- SHA512
  
  3d0b20640da4695b3a2c70e39269dd6a48777c97e451385c8aebc876a5db430744d594118f217185cb4816d6e9c12f7c254deccad8652b710fbb9f5a83a5bf46
- SSDEEP
  
  98304:xI/GiwtepY3UjkkABs7ieskoAPS1tgX3Fr1gnzWMbz4Y:xqlpY3UtA+GePS1tuunzWtY
Score

10^/10

rhadamanthys pyinstaller stealer upx
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  launcher.exe
- Size
  
  4.7MB
- MD5
  
  620024df612c13a4a33cf785384c2086
- SHA1
  
  a6ae999723bea18c6d3acf2c52ed682f6226b7be
- SHA256
  
  cd825788095cd61de39d98d6365ed80004cc55a64f4f115ef6bf532617bb0af1
- SHA512
  
  34d4d8a423d98bf0b8d4f18dc980bed97e9492f0817bb1e2dff99fc8d9d0cfaa2687514eff7717b1310a2c858236614490e980390612901e08b69b6ded451bdd
- SSDEEP
  
  98304:HqZRVmbr2CkyPqPnowAWTbNJ2EyT2QT27JaSGKN/3pJ:QVs6ysoDEUvwJEKdZJ
Score

10^/10

rhadamanthys pyinstaller stealer upx persistence
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral7 behavioral8
- Target
  
  SKRIPTGG-FIVEM-main/license.dll
- Size
  
  1.2MB
- MD5
  
  36dea25d49b9dff21acebface8ea2044
- SHA1
  
  5bd97162bc98e36c124811c360dbf29c6233405e
- SHA256
  
  d960a2eac5e7f1aa04e9f8d0da4eb9bb0b097ca58d0ce83ea1bb8351baf26301
- SHA512
  
  64f06db24297e30d7ec91d3cf9ccc33f28eb9041e463933866b09de0d138d964505aa38f32158be5e5491e4aa68d8ae77bccce9c068e5980d2281a24294bccf8
- SSDEEP
  
  24576:1iE0l9oS0Cl/9qZPcYJZEiDO3ytIPMunHuGKFufrrH1:YE0l1ZlVsPc06i63aIPZnBX
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10