rhadamanthys | 2cdf5d31558b8c3c5a1ea10cb94377269d4ea3d99bb2822728f734cebfc50dcc | Triage

Submit
Reports

Overview

overview

Static

static

1

sample.html

windows10-1703-x64

Sharing

General

Target

sample
Size

542B
Sample

240417-yp6h2acg36
MD5

cb2a37b81be739040d8447820b45072d
SHA1

dcc567f107eba763563e8f1a34fa1280679133aa
SHA256

2cdf5d31558b8c3c5a1ea10cb94377269d4ea3d99bb2822728f734cebfc50dcc
SHA512

4b182b68c946bc4b324239af7179ea3a81434d27b7aff122113763fea2afbe0a9ab5a97b11393586a909f8025f53af01de0c94000cca58364182c8f6da1c7d6c

Score

10^/10

rhadamanthys stealc discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

sample.html

Resource

win10-20240404-en

rhadamanthys stealc discovery spyware stealer

windows10-1703-x64

24 signatures

1800 seconds

Malware Config

Extracted

Family

stealc

C2

http://89.105.198.253

Attributes

url_path
/300e6d86f44da037.php

Targets

- Target
  
  sample
- Size
  
  542B
- MD5
  
  cb2a37b81be739040d8447820b45072d
- SHA1
  
  dcc567f107eba763563e8f1a34fa1280679133aa
- SHA256
  
  2cdf5d31558b8c3c5a1ea10cb94377269d4ea3d99bb2822728f734cebfc50dcc
- SHA512
  
  4b182b68c946bc4b324239af7179ea3a81434d27b7aff122113763fea2afbe0a9ab5a97b11393586a909f8025f53af01de0c94000cca58364182c8f6da1c7d6c
Score

10^/10

rhadamanthys stealc discovery spyware stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

rhadamanthysstealcdiscoveryspywarestealer

© 2018-2024

Terms | Privacy