rhadamanthys | c529cd95c0c85ca18df3e690f840e51d0be33b5b92f8bf1e9f91821eaedac68c | Triage

Sharing

General

Target

rha.zip
Size

578KB
Sample

240405-y5tt6scf9t
MD5

22a0424c83dfa033b6e14b05445c5bab
SHA1

eda7a7e9856373d57a664cc237f652f5711fa983
SHA256

c529cd95c0c85ca18df3e690f840e51d0be33b5b92f8bf1e9f91821eaedac68c
SHA512

45048d0dfda31035be9569110c396c7c78bd1017706cec913c6c217a70aefbc44db188f5bd0ffd8976ca1b49ceb54423e7a70637e5278d63b636ad66dce221c2
SSDEEP

12288:guFhLmC+PogjOxEX+ThSdJxs2G45TphfIwiVuZvKsCMiUQbe0qXEPt:TLRVgC8Jq2GQTphfIwiA1ivb8wt

Score

10^/10

rhadamanthys stealer

Malware Config

Targets

- Target
  
  rha.zip
- Size
  
  578KB
- MD5
  
  22a0424c83dfa033b6e14b05445c5bab
- SHA1
  
  eda7a7e9856373d57a664cc237f652f5711fa983
- SHA256
  
  c529cd95c0c85ca18df3e690f840e51d0be33b5b92f8bf1e9f91821eaedac68c
- SHA512
  
  45048d0dfda31035be9569110c396c7c78bd1017706cec913c6c217a70aefbc44db188f5bd0ffd8976ca1b49ceb54423e7a70637e5278d63b636ad66dce221c2
- SSDEEP
  
  12288:guFhLmC+PogjOxEX+ThSdJxs2G45TphfIwiVuZvKsCMiUQbe0qXEPt:TLRVgC8Jq2GQTphfIwiA1ivb8wt
Score

1^/10
behavioral1 behavioral2
- Target
  
  data.bin
- Size
  
  385KB
- MD5
  
  364a46c611cd7fead3527533982c616e
- SHA1
  
  3b0c8cce7a3a462d8865487f28d68c38de6851c4
- SHA256
  
  6963569bfd71c7b642826ac0cd8ac2511510168204b68a7b9940d656059f7df8
- SHA512
  
  9bc71ccc5e330b2641ef57c570e49ca944d4d4de633698adf1813e1a1368c4b700d71e63598c8caa55272e4cb310aeac1eb827980a69ee03f7f7d528dddc9f7d
- SSDEEP
  
  12288:6uFh7GCuzMgjOxEJ+ThSddxs2E45TpbfNNKGIh:17xxgCcdq2EQTpbfNNtq
Score

3^/10
behavioral3 behavioral4
- Target
  
  file.exe
- Size
  
  39KB
- MD5
  
  f1b14f71252de9ac763dbfbfbfc8c2dc
- SHA1
  
  dcc2dcb26c1649887f1d5ae557a000b5fe34bb98
- SHA256
  
  796ea1d27ed5825e300c3c9505a87b2445886623235f3e41258de90ba1604cd5
- SHA512
  
  636a32fb8a88a542783aa57fe047b6bca47b2bd23b41b3902671c4e9036c6dbb97576be27fd2395a988653e6b63714277873e077519b4a06cdc5f63d3c4224e0
- SSDEEP
  
  768:YRQnUhG5bZDOTpkdD82YbQkRFokFWIILPUh:FWObZDOTpk5T6zqAh
Score

10^/10

rhadamanthys stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral5 behavioral6
- Target
  
  g2m.dll
- Size
  
  395KB
- MD5
  
  eef5e122a610edb4f13115dff624b2b9
- SHA1
  
  da324be4ee4c1573fbaedd83307ee888335d9661
- SHA256
  
  dd9c9d63a5f4798d3d30ddc7d0eb569c4406b2db7224b936c0721b78b7436940
- SHA512
  
  7f2318d222ac172b5aadecb09e19ff121a2648742c4e23fee91a9551a2f50014886fcb9f67f228e43fadd36fe80e71b9e6bd443b6d696533f872a2fb99862556
- SSDEEP
  
  6144:zT1N9+2qMgtcYrnWtkbGoWkYnxDrWJgVdfjJBPLbvrPtj2Ik/0:zxqzt+kYtHVRjJBb6/0
Score

3^/10
behavioral7 behavioral8
- Target
  
  run.bat
- Size
  
  70B
- MD5
  
  922d706a6ff52cd5f8ff57287aec9907
- SHA1
  
  c2093b630f1180bc8b48c71957655182f6a56053
- SHA256
  
  12ecd3179026dc979012895d1ba547cdd48b6940d34eb5cca266ef943c990efd
- SHA512
  
  eca850162e741141a2a7e62a028cfb3c9ec45baecbdf9a0560fbc82a3aed2ef9fccd108aa8b167002fd1727e0170cdfc29a3d5d4bb574690cdeefa6b2b3e6fb3
Score

10^/10

rhadamanthys stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

rhadamanthysstealer

behavioral7

behavioral8

behavioral9

behavioral10

rhadamanthysstealer