rhadamanthys | bd403309f8f43fc34d64917720f55c1dbcc50f250f1210bc8dec6c704d4ed461 | Triage

Submit
Reports

Overview

overview

Static

static

1

Authentica....1.exe

windows10-2004-x64

Sharing

General

Target

Authenticator_v5.1.exe
Size

1.9MB
Sample

240731-y4ec4a1eqn
MD5

c607e5a15a55a85f0fd6339c75dbe769
SHA1

36e24f54dd93166a2d42ebb222d4c15eefe7239b
SHA256

bd403309f8f43fc34d64917720f55c1dbcc50f250f1210bc8dec6c704d4ed461
SHA512

db157472ad89553b0a9578da6b5a5b07abe30741509f097f359fb1c40db3818e94f8134513d52627f0e889731dbdf4fc0bf4375ff3a0bdbb0892ca6e108391a6
SSDEEP

49152:IebOsgxw8eSymL1zO69MOpJjyTVKueFU4NXJ:P+N1K+luelXJ

Score

10^/10

rhadamanthys warmcookie backdoor discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

Authenticator_v5.1.exe

Resource

win10v2004-20240730-en

rhadamanthys warmcookie backdoor discovery stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

warmcookie

C2

91.222.173.181

Attributes

mutex
8952466e-ec09-4cf4-b3f8-01bed1b211dd
user_agent
Mozilla / 4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;.NET CLR 1.0.3705)

Extracted

Family

rhadamanthys

C2

https://92.246.139.64:7400/b7a8e4d36d60139c9974d297/e751wk8p.0713j

Targets

- Target
  
  Authenticator_v5.1.exe
- Size
  
  1.9MB
- MD5
  
  c607e5a15a55a85f0fd6339c75dbe769
- SHA1
  
  36e24f54dd93166a2d42ebb222d4c15eefe7239b
- SHA256
  
  bd403309f8f43fc34d64917720f55c1dbcc50f250f1210bc8dec6c704d4ed461
- SHA512
  
  db157472ad89553b0a9578da6b5a5b07abe30741509f097f359fb1c40db3818e94f8134513d52627f0e889731dbdf4fc0bf4375ff3a0bdbb0892ca6e108391a6
- SSDEEP
  
  49152:IebOsgxw8eSymL1zO69MOpJjyTVKueFU4NXJ:P+N1K+luelXJ
Score

10^/10

rhadamanthys warmcookie backdoor discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Warmcookie family
  warmcookie
- Warmcookie, Badspace
  Warmcookie aka Badspace is a backdoor written in C++.
  backdoor warmcookie
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthyswarmcookiebackdoordiscoverystealer

© 2018-2025

Terms | Privacy