rhadamanthys | 432747c04ab478a654328867d7ca806b52fedf1572c74712fa8b7c0edb71df67 | Triage

Submit
Reports

Overview

overview

Static

static

3

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

5.3MB
Sample

240415-3cg25aba65
MD5

de08b70c1b36bce2c90a34b9e5e61f09
SHA1

1628635f073c61ad744d406a16d46dfac871c9c2
SHA256

432747c04ab478a654328867d7ca806b52fedf1572c74712fa8b7c0edb71df67
SHA512

18a30e480ce7d122cfad5a99570042e3bef9e1f9feda1f7be32b273a7248274285c65ac997c90d3d6a950a37b4ea62e6b928bfefc924187c90e32ea571bfd1f5
SSDEEP

98304:/+p+LLypykV4RJGIfsv7RynHr/x1leOzcv0nbzKIKFStIJ:/+pMLCYJ/svlUr/x1vzcvib+Ir

Score

10^/10

rhadamanthys zgrat rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20240221-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20240412-en

rhadamanthys zgrat rat stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  tmp
- Size
  
  5.3MB
- MD5
  
  de08b70c1b36bce2c90a34b9e5e61f09
- SHA1
  
  1628635f073c61ad744d406a16d46dfac871c9c2
- SHA256
  
  432747c04ab478a654328867d7ca806b52fedf1572c74712fa8b7c0edb71df67
- SHA512
  
  18a30e480ce7d122cfad5a99570042e3bef9e1f9feda1f7be32b273a7248274285c65ac997c90d3d6a950a37b4ea62e6b928bfefc924187c90e32ea571bfd1f5
- SSDEEP
  
  98304:/+p+LLypykV4RJGIfsv7RynHr/x1leOzcv0nbzKIKFStIJ:/+pMLCYJ/svlUr/x1vzcvib+Ir
Score

10^/10

zgrat rat rhadamanthys stealer
- Detect ZGRat V1
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

rhadamanthyszgratratstealer

© 2018-2024

Terms | Privacy