rhadamanthys | 18f1732ecf1f4a8933b088c87b1000296c25265954b0a26d16572774de2ad970 | Triage

Sharing

General

Target

18f1732ecf1f4a8933b088c87b1000296c25265954b0a26d16572774de2ad970.zip
Size

9.3MB
Sample

240723-bpjmyayhkb
MD5

d4e178f1d11d09238e71b3797c14b97d
SHA1

ba3919e65cbfade435acd3222fdd950a8d8d5a74
SHA256

18f1732ecf1f4a8933b088c87b1000296c25265954b0a26d16572774de2ad970
SHA512

421a0e9d5166fceb832434bb4923562132db95506fb31cf34e2aa1a48efd2e220980d704fc783eb79f26836a1737738ad11b99fb8af0423dfdc7e69b20c03e59
SSDEEP

196608:CHPSNbe7+fYX3nTXDxFpc85SFnrUfFWPxsoOdxk5P02EFyLSRVpBj:DNSyf4nTXD/pcu6UEPxsCP6F4SRXBj

Score

10^/10

rhadamanthys persistence stealer

Malware Config

Targets

- Target
  
  gugjUpdater.exe
- Size
  
  679.3MB
- MD5
  
  110338c7214276a2f7eba4a9d43621a8
- SHA1
  
  849817945ff02ace87ee7ac5f6eb6f66a4cfe33c
- SHA256
  
  9cafa33cd3dafee4f4a02a2ad8d1a9121cfaeae6cde95f3da647cff7d3e4914d
- SHA512
  
  f41e0dd2268492cf672cffbcf88a4b8575fd8cf1ef8d938fa5a6cb8d5bfba28f994b42adb1863c70ac3cde112cf8e488cf2e04b0abe48bdae066e33616c5ac9c
- SSDEEP
  
  393216:tkfZ+0tsgG1a+OA0vBUJg+pw4Osi1FKT69NeBV8opaOm5TdhxJNKSYkL6nFn:4QpJMTJKr
Score

10^/10

rhadamanthys persistence stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthyspersistencestealer

behavioral2

rhadamanthyspersistencestealer