rhadamanthys | 6f120cd587ec05f82f9e114f910ccae2c8e4cf468c8a06624c611e8431dd9cbf | Triage

Sharing

General

Target

c570824c19f6b18f9385b6d2dd362e30N.exe
Size

6.7MB
Sample

240802-xt2vzawekm
MD5

c570824c19f6b18f9385b6d2dd362e30
SHA1

82c8e445f4d97cbdbd3ad03240d9459d4d277c8a
SHA256

6f120cd587ec05f82f9e114f910ccae2c8e4cf468c8a06624c611e8431dd9cbf
SHA512

695d5ed9e697a50880d13a9f82dc5a170523bfb03cf52c71bb2822754471ba345bc6f7dbd9a9fee758292884ae0420f44ac6f4111e08bbd6db7e4556aa987f56
SSDEEP

196608:sfU3b+P/ugXlRRAhqlUsz7vV7LacN3PIRaE1ZVf0y5:8f/31RKVsz7Nl3P2aM/

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Targets

- Target
  
  c570824c19f6b18f9385b6d2dd362e30N.exe
- Size
  
  6.7MB
- MD5
  
  c570824c19f6b18f9385b6d2dd362e30
- SHA1
  
  82c8e445f4d97cbdbd3ad03240d9459d4d277c8a
- SHA256
  
  6f120cd587ec05f82f9e114f910ccae2c8e4cf468c8a06624c611e8431dd9cbf
- SHA512
  
  695d5ed9e697a50880d13a9f82dc5a170523bfb03cf52c71bb2822754471ba345bc6f7dbd9a9fee758292884ae0420f44ac6f4111e08bbd6db7e4556aa987f56
- SSDEEP
  
  196608:sfU3b+P/ugXlRRAhqlUsz7vV7LacN3PIRaE1ZVf0y5:8f/31RKVsz7Nl3P2aM/
Score

10^/10

discovery rhadamanthys stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rhadamanthysdiscoverystealer