rhadamanthys | 517c75bf72bcee34128a901c8481d08403699de731aa305baeee645f2d7a76f8 | Triage

Sharing

General

Target

Kurulumcu.rar
Size

6.2MB
Sample

240805-sscggazekr
MD5

fc1eec6c6f60ba9eb4db17515597fec6
SHA1

56d856e8e8aa876d8123393c383d20415719c664
SHA256

517c75bf72bcee34128a901c8481d08403699de731aa305baeee645f2d7a76f8
SHA512

e9327af203470f2f4d175c41efe37cf026bfb4249a75f5a6227e3a8f6b8d4dd36661808e29fa4e728da57c940a3c3532dee7229d7567df27f0b15f29ab182720
SSDEEP

98304:reWUdmtEu7enAc/aUxp4Kemlhqsy2414sDBBzNnUNkcekqWhCM4Dbc:rhG67Cx3dDqsyl39BzNWOWhEvc

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Targets

- Target
  
  Kurulumcu.exe
- Size
  
  1.2MB
- MD5
  
  b3d1a0942ee0e1cb82b751df74d9e599
- SHA1
  
  e1b06435ea15f03839b8fa4ea4ad054e31572c3e
- SHA256
  
  c4c93143a7635cbcd773e7344e3ae0c9a2dfe4ec25fb55588f3ada44b979d3b7
- SHA512
  
  7ee389543fa2a2396b0d3a81fa7140c67b7b96900f8e2580dc4bf86b6e3197f3aac60e69165048584cc5fae143c3226207ece837535c9fc77307537e8848ddec
- SSDEEP
  
  24576:odpG9CAh5124BOOxrhJCLzCQEMrmim+ldUCc/CUWy87kKkn:Xoc1248KrhJCL8TSXUfLh87kKkn
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  modules/x64/d3d/d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  a7349236212b0e5cec2978f2cfa49a1a
- SHA1
  
  5abb08949162fd1985b89ffad40aaf5fc769017e
- SHA256
  
  a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082
- SHA512
  
  c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02
- SSDEEP
  
  49152:FCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvpiD0N+YEzI4og/RfzHLeHTRhFRNS:EG2QCwmHXnog/pzHAo/A2L
Score

1^/10
behavioral3
- Target
  
  modules/x64/d3d/d3dcompiler_48.dll
- Size
  
  4.7MB
- MD5
  
  a7349236212b0e5cec2978f2cfa49a1a
- SHA1
  
  5abb08949162fd1985b89ffad40aaf5fc769017e
- SHA256
  
  a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082
- SHA512
  
  c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02
- SSDEEP
  
  49152:FCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvpiD0N+YEzI4og/RfzHLeHTRhFRNS:EG2QCwmHXnog/pzHAo/A2L
Score

1^/10
behavioral4
- Target
  
  modules/x86/d3d/d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  a7349236212b0e5cec2978f2cfa49a1a
- SHA1
  
  5abb08949162fd1985b89ffad40aaf5fc769017e
- SHA256
  
  a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082
- SHA512
  
  c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02
- SSDEEP
  
  49152:FCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvpiD0N+YEzI4og/RfzHLeHTRhFRNS:EG2QCwmHXnog/pzHAo/A2L
Score

1^/10
behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer

behavioral3

behavioral4

behavioral5