rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

launcher.zip
Size

183.0MB
Sample

240716-nxgvja1cpr
MD5

29d53d5ea093feae0cd2e3e8fff25a1e
SHA1

bfacb1dfc7d32329b2b61d46b2e3ebf1df052758
SHA256

7a8f30f4b3532e46b736f0fa7615542d496431b328df3d7648fb8ab2568a7737
SHA512

5474ad057d35f963e770ae55ac842dd3a1eaff3f5154389fcd55c389640b5b62063221805dc6ba00a862fbf68651a7aa50798bca268c85edfb8497e3f549c998
SSDEEP

3145728:9IJklSH0DEhjikgGMzRFc16n3fxxiRWNHC3U8UrfTqnth1lwrMf7hW2Vw361X:5DExq3cs3pQRWNiSr+j1l0ehW8dX

Score

10^/10

rhadamanthys stealer

Malware Config

Targets

- Target
  
  launcher/LICENSES.chromium.html
- Size
  
  6.5MB
- MD5
  
  d18c09a075cb6531d7ffd7c3da77bd4e
- SHA1
  
  571f29b6004007111782bf5727c4bc9510cca286
- SHA256
  
  86f5222580a4ab03dad8ea62e6cea22b23454dccf1c77e74ae0e0410a13b16fc
- SHA512
  
  091cd68e12633919fc6100b606f3002b16f4b9c7c6d7c820ff20e31a3b9ea690c8a1fc90529ff3e5c21e8d778e254743a8708049830c3bb046eda8f2653000b7
- SSDEEP
  
  24576:8P5K5WfWSJiJjQlaCmf2P6e666A6o69/kHPZQHpuQ:UrYR
Score

1^/10
behavioral1 behavioral2
- Target
  
  launcher/Launcher.exe
- Size
  
  150.4MB
- MD5
  
  33dee28d0767978ef8992f75f68ce357
- SHA1
  
  324767b5c079431ad93de3bde16204179db822bb
- SHA256
  
  e31a94c634ce566b317b4ec6d286a6f94ac2dd4fcb3d9e3466922715544390d4
- SHA512
  
  c8e11d32075815d30f7c04425f0175ed3be78c3339987dcafd5cdd75b99992dfd0e352b12a3a0fff8b4c1c225ed1c5a92cb85653d88f0e7f5de1783a2432dff8
- SSDEEP
  
  1572864:f9sIp9dePx3boQ9zPx3veCvI+RJjaWIxdaJgAOB3i3wFO6Bj3yTEQjB4UR9OEm3:je15JHHgw9m
Score

1^/10
behavioral3 behavioral4
- Target
  
  launcher/Launcher8.exe
- Size
  
  715.8MB
- MD5
  
  1187832294ddeda23092997a27453027
- SHA1
  
  83a1108cc62779cfbf55a14258a2596210ed3633
- SHA256
  
  b9ca36c66cdc58639961531aec9fd6270c20a4b7fcf4dd7d80e2a68d2d571ada
- SHA512
  
  574d9d47226998588d3f76af915f430a3379f080cf6e7994c9a52f8332bce518a1057119578c38b2e0b1917fd7ccc87512f63e6a9b881ce1d25846bbb04c560f
- SSDEEP
  
  12288:gYpYPSWYEiKCukSqnnUiZgLqHX0SBCCsKr:fl920toSXfBp
Score

10^/10

rhadamanthys stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  launcher/Lunar Client.exe
- Size
  
  99.8MB
- MD5
  
  b66f4ef37d46d3a72e64db390603832e
- SHA1
  
  1321488121988fa2e27df844f5f08aa50e857d1b
- SHA256
  
  1eeb43491b6752e13f85a0f605091d585de0f0a178f74c765c2b5ec8b721aa80
- SHA512
  
  fc888535301d8b9f1a2bf08538b5d283a412bd3515ba36cbee0433d4e5df1e86ae79ab9d56e3455ef82e4e35922e2b70e18dd537bc64fc19828f09d43db0e3c4
- SSDEEP
  
  1572864:VGzCXw7KTHJLBHBLNvhHu6haqVe8GaLokE:4mlA+PE3
Score

1^/10
behavioral7 behavioral8
- Target
  
  launcher/d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  cb9807f6cf55ad799e920b7e0f97df99
- SHA1
  
  bb76012ded5acd103adad49436612d073d159b29
- SHA256
  
  5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a
- SHA512
  
  f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62
- SSDEEP
  
  49152:IuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8cc:oy904wYbZCoOI85oyI
Score

1^/10
behavioral10 behavioral9
- Target
  
  launcher/ffmpeg.dll
- Size
  
  2.6MB
- MD5
  
  e3ab6f226a9189a456d53dd700f5d503
- SHA1
  
  0d3f467e9f36a404eb10b318c758edaf02305e26
- SHA256
  
  16070fc0fc3ae0d3d5872e5bd2194d883a1d91cf021e1fcb708c785a348c1a80
- SHA512
  
  b1d5b362489b5d26037c035c8b1e9bac24a4555b64371b41f8549ab70d5d591589ba154e163ec84d4b4b4435903db32f7ffe0f720f5e6d01b7656ed03f6757d0
- SSDEEP
  
  49152:/qMAAYNDEmcTfAZMHkwfPYX6Edxhi1uGaVrFY7Q9b5hpN3lzl3hHLNoJV:/GDfRMHR8rFYU5hNA
Score

1^/10
behavioral11 behavioral12
- Target
  
  launcher/libEGL.dll
- Size
  
  473KB
- MD5
  
  637eeb39ddbeb3ff518ff1988604505f
- SHA1
  
  8b3d9a0d542718fb906f8fafb2583d7bb53176ef
- SHA256
  
  3c51a8e53ef7473e9a335673e909dc9c67bf962997e6e2a319c3bd70fd52b4ed
- SHA512
  
  3257f9c96665f1bc8bb39acd0d98015b7d5e32f3cf3f84e795df4d19f6bd3bcc14a4e89759cc0de83289b79cd290fd5f4b176c3e9a4cb2eca3acfba0c9e232df
- SSDEEP
  
  6144:mTv0fq4dz9B4x4w/jvtGW9ZST3BypG48yOnb4pgsHVlAYnTeZRO8:mTN4dNw/jvtGW9c3BypaagYnkRO
Score

1^/10
behavioral13 behavioral14
- Target
  
  launcher/libGLESv2.dll
- Size
  
  7.2MB
- MD5
  
  438d089addd02af6f33b42f92cf19489
- SHA1
  
  b0de553d91c92e4d104d99a265442fbc51be67de
- SHA256
  
  05236819cd357b0f16ed2d8559a3c4da3b153ad7932ec2fd1d8e36d008a8633a
- SHA512
  
  0b6774d50becb18f471cbfb86aaa63cd360bb60f6fd77ab93b60c79f5019edcda6ccb23b6a7724f66b6ecedfefc0f0e2d098daee825185a261821903a3bc4fcb
- SSDEEP
  
  98304:tB7j4/0BuPMTUDUaG2u/hHZr7f7gsOMOe:b48KPBGzZr7fcsP
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16