rhadamanthys | 4a802496f5171c7f9d8862a579795c346489d7ab0b0b1b0df7da6621911e6b91 | Triage

Sharing

General

Target

2024-08-02_9a9e54e2c0b5076ebbddd676c45a7c6e_magniber
Size

3.5MB
Sample

240802-bevbpawemm
MD5

9a9e54e2c0b5076ebbddd676c45a7c6e
SHA1

29969d8d71dd863088190dfcabb7713ffc8484ae
SHA256

4a802496f5171c7f9d8862a579795c346489d7ab0b0b1b0df7da6621911e6b91
SHA512

fc0d7f50c36b969bdb2af43834f947129ea1710599054100a01964b63a3541d06df6e3eeb8c782041ede182be3c9a7c16dbe498f4acac14c8a2646dc26510401
SSDEEP

98304:a4ODsHJdRwsCAxQ5YBvByzTD+8b7bZJzSw:a4ODspdRwsCAmgv2Oud5S

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Targets

- Target
  
  2024-08-02_9a9e54e2c0b5076ebbddd676c45a7c6e_magniber
- Size
  
  3.5MB
- MD5
  
  9a9e54e2c0b5076ebbddd676c45a7c6e
- SHA1
  
  29969d8d71dd863088190dfcabb7713ffc8484ae
- SHA256
  
  4a802496f5171c7f9d8862a579795c346489d7ab0b0b1b0df7da6621911e6b91
- SHA512
  
  fc0d7f50c36b969bdb2af43834f947129ea1710599054100a01964b63a3541d06df6e3eeb8c782041ede182be3c9a7c16dbe498f4acac14c8a2646dc26510401
- SSDEEP
  
  98304:a4ODsHJdRwsCAxQ5YBvByzTD+8b7bZJzSw:a4ODspdRwsCAmgv2Oud5S
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer