rhadamanthys | de3fd1673c2ad1ab4b44ee5434a70240ae43722b82a86add6cac1bc22414a34b | Triage

Sharing

General

Target

de3fd1673c2ad1ab4b44ee5434a70240ae43722b82a86add6cac1bc22414a34b
Size

7.1MB
Sample

240728-zj9tyaxgqe
MD5

945799bf0c3ea84b4fbe73c02ebe45d3
SHA1

4aaba52d3cb179d390d427576b02b9f8fca038ef
SHA256

de3fd1673c2ad1ab4b44ee5434a70240ae43722b82a86add6cac1bc22414a34b
SHA512

ec6ecfc7fa46ac82680b8b5bf67581f8f0578e202b22909af15efc2d1b94eec2c43a630413b94f7e1c47c3848d2512750b2abd417d48e24cf6442dfb1c17b4dd
SSDEEP

196608:cfU9Zc6BLCAuwqj4FGUY7R7dd5HTK32N5mh:sGhC3+FGUY1J3Pmh

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Targets

- Target
  
  de3fd1673c2ad1ab4b44ee5434a70240ae43722b82a86add6cac1bc22414a34b
- Size
  
  7.1MB
- MD5
  
  945799bf0c3ea84b4fbe73c02ebe45d3
- SHA1
  
  4aaba52d3cb179d390d427576b02b9f8fca038ef
- SHA256
  
  de3fd1673c2ad1ab4b44ee5434a70240ae43722b82a86add6cac1bc22414a34b
- SHA512
  
  ec6ecfc7fa46ac82680b8b5bf67581f8f0578e202b22909af15efc2d1b94eec2c43a630413b94f7e1c47c3848d2512750b2abd417d48e24cf6442dfb1c17b4dd
- SSDEEP
  
  196608:cfU9Zc6BLCAuwqj4FGUY7R7dd5HTK32N5mh:sGhC3+FGUY1J3Pmh
Score

10^/10

discovery rhadamanthys stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rhadamanthysdiscoverystealer