rhadamanthys

General

Target

XWorm.rar
Size

3.8MB
Sample

240521-tkf1csbc66
MD5

8845f7149b64a79343f12ee97b8d90ad
SHA1

d48a4d2b00859e6e7e362e38a34190da60ff8550
SHA256

17c103b0cd832139aded6213496300760f83abc7922d3829d10f09d422b2b348
SHA512

132c47c287aad520e29c42debff6c2a847487323a57824e7b43f48fa5562d9b008c28b297fd3a260b108aebfd99246ed2fff5d38cc9fd52b3406a047aedd5bd9
SSDEEP

98304:jjvhd8cMOBmYS1svAJFFa6XmeuwSqUjGMtokcqFdRaDzmLW/nQDIV:jjJd8vNYNQFzEvBVtoFqFAeab

Score

10^/10

rhadamanthys stealer

Malware Config

Targets

- Target
  
  ComponentFactory.Krypton.Toolkit.dll
- Size
  
  2.8MB
- MD5
  
  129884de0e136521fd650c59b2633e82
- SHA1
  
  43fea10a62670568c00a2910c3ee6fc1ceaa1bdc
- SHA256
  
  8c69f5df110bc1a61bdc3d8754ebfd3f49d9d995b9dd129accaf88371ce71e30
- SHA512
  
  fbd40a8dd172449de46cecc08cdc2078409e5d893426364630c974903499c617f8cca2f4fd52cf030a835a376e140daf113a6d385027a9e2ede289ba32c8da43
- SSDEEP
  
  24576:9aA+gKf9mE6kWF2IaltkdgZUfoOJtMl6X1ZTJxf9VqY7djlb1IqdGsUfSYqsyb:UIaltkdgqHJtMl6XD7h7Nh1ImYqsy
Score

1^/10
behavioral1
- Target
  
  D3DX9_43.dll
- Size
  
  2.3MB
- MD5
  
  7160fc226391c0b50c85571fa1a546e5
- SHA1
  
  2bf450850a522a09e8d1ce0f1e443d86d934f4ad
- SHA256
  
  84b900dbd7fa978d6e0caee26fc54f2f61d92c9c75d10b35f00e3e82cd1d67b4
- SHA512
  
  dfab0eaab8c40fb80369e150cd36ff2224f3a6baf713044f47182961cd501fe4222007f9a93753ac757f64513c707c68a5cf4ae914e23fecaa4656a68df8349b
- SSDEEP
  
  49152:dbCJsk4VlPXA+15Om5wxw9Qsi55K+31BhZ64nW:YIIBnW
Score

1^/10
behavioral2
- Target
  
  Krypton.Toolkit.dll
- Size
  
  4.3MB
- MD5
  
  068b4f05eb35479a419bc55da643781e
- SHA1
  
  1d0fe6bb23bbd63dc6d4248f7c17afcf4bc16dea
- SHA256
  
  477ebd61ce116c6908a1cd1e50bc93869f6f7b9c3e0e5757551e6dd2a01b4648
- SHA512
  
  f9022c7d91364519f5b773fd641741637f89a4f4f8eb1406d1c594e0a286724cea7494fb047e810bbed0579b6870db49a6828b1c79808e4554d762f326a87dcc
- SSDEEP
  
  49152:tmB08naO5IDdOBQNJxtk7ryrDdkny3y+sUFdRcRkMb2J:Mu8naO5oj9k7rODdlmHOMbO
Score

1^/10
behavioral3
- Target
  
  Mono.Cecil.dll
- Size
  
  277KB
- MD5
  
  8df4d6b5dc1629fcefcdc20210a88eac
- SHA1
  
  16c661757ad90eb84228aa3487db11a2eac6fe64
- SHA256
  
  3e4288b32006fe8499b43a7f605bb7337931847a0aa79a33217a1d6d1a6c397e
- SHA512
  
  874b4987865588efb806a283b0e785fd24e8b1562026edd43050e150bce6c883134f3c8ad0f8c107b0fb1b26fce6ddcc7e344a5f55c3788dac35035b13d15174
- SSDEEP
  
  6144:iYOMWAEq+PAEwGQ9Xivs0s4EtS1Fv8jnLKdFvkPo2:AG+PpjQSHv8jA
Score

1^/10
behavioral4
- Target
  
  Mono.Nat.dll
- Size
  
  40KB
- MD5
  
  bf929442b12d4b5f9906b29834bf7db1
- SHA1
  
  810a2b3c8e548d1df931538bc304cc1405f7a32b
- SHA256
  
  b33435ac7cdefcf7c2adf96738c762a95414eb7a4967ef6b88dcda14d58bfee0
- SHA512
  
  9fcfaf48bfe5455a466e666bafa59a7348a736368daa892333cefa0cac22bcef3255f9cee24a70ed96011b73abea8e5d3dbf24876cffa81e0b532df41dd81828
- SSDEEP
  
  768:yoVesKx0V2LpibQJxoKUDHj560aSX3zlJAO:lVespQibC+H56k3fF
Score

1^/10
behavioral5
- Target
  
  Vestris.ResourceLib.dll
- Size
  
  76KB
- MD5
  
  64e9cb25aeefeeba3bb579fb1a5559bc
- SHA1
  
  e719f80fcbd952609475f3d4a42aa578b2034624
- SHA256
  
  34cab594ce9c9af8e12a6923fc16468f5b87e168777db4be2f04db883c1db993
- SHA512
  
  b21cd93f010b345b09b771d24b2e5eeed3b73a82fc16badafea7f0324e39477b0d7033623923313d2de5513cb778428ae10161ae7fc0d6b00e446f8d89cf0f8c
- SSDEEP
  
  1536:5Z0R489PUoltCY19T7Uf5DYoRvtkA2MNmjYgGKeK9jXGYWs:L0R489PUeCy7Uf5pVCMwjVG/K9jp
Score

1^/10
behavioral6
- Target
  
  XWorm.exe
- Size
  
  456KB
- MD5
  
  515a0c8be21a5ba836e5687fc2d73333
- SHA1
  
  c52be9d0d37ac1b8d6bc09860e68e9e0615255ab
- SHA256
  
  9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae
- SHA512
  
  4e2bd7ce844bba25aff12e2607c4281b59f7579b9407139ef6136ef09282c7afac1c702adebc42f8bd7703fac047fd8b5add34df334bfc04d3518ea483225522
- SSDEEP
  
  6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+V:2uWP/BZUyoLu8Agsmxwrvejkd2
Score

10^/10

rhadamanthys stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
behavioral7

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect rhadamanthys stealer shellcode

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7