rhadamanthys | 7b77d58834007e2b1baf6fca2ab6ff31350228b364e199d9648e87651fd84ba8 | Triage

Submit
Reports

Overview

overview

Static

static

3

ORDER_INQUIRY.exe

windows7-x64

ORDER_INQUIRY.exe

windows10-2004-x64

Sharing

General

Target

INQ.zip
Size

838KB
Sample

240418-ljzr3sae3v
MD5

d87e15f0c6ee8c903be7183ef177c8c1
SHA1

888141add98970eac85dbcd1b87bf2510797ac86
SHA256

7b77d58834007e2b1baf6fca2ab6ff31350228b364e199d9648e87651fd84ba8
SHA512

df16cb86bcac6e9e436592c03fc8e67fea90508e43e21adff358637c0ae912abffd0547dd4e2cec106a1cd821a68605fed062bdeb82066cc5f0f8e6f1c637213
SSDEEP

24576:Qv9JE9OKGuJzEFvof8nnsMftK0myr0hc6DG8Xiq0:QVYxGdS8nsMV0/iq0

Score

10^/10

rhadamanthys stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ORDER_INQUIRY.exe

Resource

win7-20240221-en

rhadamanthys stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

ORDER_INQUIRY.exe

Resource

win10v2004-20240412-en

rhadamanthys stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  ORDER_INQUIRY.exe_
- Size
  
  1.0MB
- MD5
  
  bd50ff8b04307c3c37d4fac6973024e1
- SHA1
  
  3bc49fee10ba4955c32c4dbea816b2214304d0e7
- SHA256
  
  f052ced97704edefaff8aaa74736ef693e7bde53eaba2957eda941aea2a8afd2
- SHA512
  
  4d174c2df9b2bd0230af9ed315e2e628434dfa187886f84ae7045c4721bd900bce15631b11dca8f99549d03c0680720de7a990a4784fe0ed620cdf9e5664df17
- SSDEEP
  
  12288:wHMEa3XGYAG4wSeRMZup8r8KDdWKLvuRHYiGNwyGGs+TrvdMyVopoxL:fEYAveRY2O82WKLvutYiG5GS2yVe
Score

10^/10

rhadamanthys stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

rhadamanthysstealer

behavioral2

rhadamanthysstealer

© 2018-2024

Terms | Privacy