rhadamanthys | 2540722d53870e6dbe6fd73d56b3e12c20d9f4c29fc6d325d6cfd471d8e44ea0 | Triage

Sharing

General

Target

2540722d53870e6dbe6fd73d56b3e12c20d9f4c29fc6d325d6cfd471d8e44ea0.exe
Size

1.1MB
Sample

240507-v5ehpsah49
MD5

a412943d7658cb194744ffa4008f6944
SHA1

48c5a3b7315c869c93723ae041e38610a32e9555
SHA256

2540722d53870e6dbe6fd73d56b3e12c20d9f4c29fc6d325d6cfd471d8e44ea0
SHA512

ec74c6744dce66dbf8f062c9296fc60f34d6d8997b65bb3de468774e336d2c4a7d6714d195de2d50dd6b532001aea5c9aae16ffc5e539629ee4710a1eaca8763
SSDEEP

24576:aMwIdAECITzkIoIZI7H8XuKeN1gqX+SPiquk60BeV/981rTUux+:aMwIdT5oAIL8Fdyqquk60BeVWkj

Score

10^/10

rhadamanthys stealer

Malware Config

Targets

- Target
  
  2540722d53870e6dbe6fd73d56b3e12c20d9f4c29fc6d325d6cfd471d8e44ea0.exe
- Size
  
  1.1MB
- MD5
  
  a412943d7658cb194744ffa4008f6944
- SHA1
  
  48c5a3b7315c869c93723ae041e38610a32e9555
- SHA256
  
  2540722d53870e6dbe6fd73d56b3e12c20d9f4c29fc6d325d6cfd471d8e44ea0
- SHA512
  
  ec74c6744dce66dbf8f062c9296fc60f34d6d8997b65bb3de468774e336d2c4a7d6714d195de2d50dd6b532001aea5c9aae16ffc5e539629ee4710a1eaca8763
- SSDEEP
  
  24576:aMwIdAECITzkIoIZI7H8XuKeN1gqX+SPiquk60BeV/981rTUux+:aMwIdT5oAIL8Fdyqquk60BeVWkj
Score

10^/10

rhadamanthys stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysstealer

behavioral2

rhadamanthysstealer