rhadamanthys | 099de377cdc27b701145d1ab34c71f5c63fe4511e3b3e74c0c4813a7e64c0f97 | Triage

Sharing

General

Target

93779b31a227daf420aabd658fe34650N.exe
Size

6.0MB
Sample

240723-kvn92sxend
MD5

93779b31a227daf420aabd658fe34650
SHA1

707159e5677170baaa895d8f428d8ddc4b4e91af
SHA256

099de377cdc27b701145d1ab34c71f5c63fe4511e3b3e74c0c4813a7e64c0f97
SHA512

8d003999e053fcb605d3d416a78ca5fdba1fd15888536110c9d0a3d08a714ac1a1dd447ffb0938c2da003d27363f6648bd1a15990f550e61870531c33005be7b
SSDEEP

98304:FF+f/g0GlqoYZGX+5dRl2cZI0V7zkJ+djJALokUebxVGqCaJq0mgxWxJgH:FF+3g0IQHdPtjOLokUebxVGqQGxWxJk

Score

10^/10

rhadamanthys persistence stealer

Malware Config

Targets

- Target
  
  93779b31a227daf420aabd658fe34650N.exe
- Size
  
  6.0MB
- MD5
  
  93779b31a227daf420aabd658fe34650
- SHA1
  
  707159e5677170baaa895d8f428d8ddc4b4e91af
- SHA256
  
  099de377cdc27b701145d1ab34c71f5c63fe4511e3b3e74c0c4813a7e64c0f97
- SHA512
  
  8d003999e053fcb605d3d416a78ca5fdba1fd15888536110c9d0a3d08a714ac1a1dd447ffb0938c2da003d27363f6648bd1a15990f550e61870531c33005be7b
- SSDEEP
  
  98304:FF+f/g0GlqoYZGX+5dRl2cZI0V7zkJ+djJALokUebxVGqCaJq0mgxWxJgH:FF+3g0IQHdPtjOLokUebxVGqQGxWxJk
Score

10^/10

rhadamanthys persistence stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthyspersistencestealer

behavioral2

rhadamanthyspersistencestealer