rhadamanthys | 9c3a2fbdc44090253a701eff4bc92bb248ef35f76ad0c9bcb48ce041631d548d | Triage

Sharing

General

Target

GalaxyFlipv2.0Roblox.rar
Size

1.2MB
Sample

240807-m5zvms1cnc
MD5

259ab81c20022b16a9fa2f6363d84b6f
SHA1

ff7c75a3a86d38af55920423eb1ae83b5e730fd9
SHA256

9c3a2fbdc44090253a701eff4bc92bb248ef35f76ad0c9bcb48ce041631d548d
SHA512

d5cde0bb648247b3dc76c50322e11c41ef38f6cb674d595d3d3728c2185532ef8e888d5026e1f34226ca88a8e6253b1dd86675e29df7ea63d04d6490c67ee04e
SSDEEP

24576:4wsUtFeolWMfeO8iuevCwWe7z0OGYMtoGkiyMLcqRAfkG+ujdmaMmuXxP1+:4wTfWMfHzvCwWe7YGMtoGPymcqCZCL+

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Targets

- Target
  
  GalaxyFlipv2.0Roblox.rar
- Size
  
  1.2MB
- MD5
  
  259ab81c20022b16a9fa2f6363d84b6f
- SHA1
  
  ff7c75a3a86d38af55920423eb1ae83b5e730fd9
- SHA256
  
  9c3a2fbdc44090253a701eff4bc92bb248ef35f76ad0c9bcb48ce041631d548d
- SHA512
  
  d5cde0bb648247b3dc76c50322e11c41ef38f6cb674d595d3d3728c2185532ef8e888d5026e1f34226ca88a8e6253b1dd86675e29df7ea63d04d6490c67ee04e
- SSDEEP
  
  24576:4wsUtFeolWMfeO8iuevCwWe7z0OGYMtoGkiyMLcqRAfkG+ujdmaMmuXxP1+:4wTfWMfHzvCwWe7YGMtoGPymcqCZCL+
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  BloxFlip.exe
- Size
  
  702KB
- MD5
  
  5e8eefdad5b8ab9b1b47f269ca27d8f7
- SHA1
  
  ba66cf53cfe996d904e57b9409b349da62bb5d27
- SHA256
  
  e915dccc9e65da534932476e8cec4b7e5446dbd022f242e9302ac18d2a041df5
- SHA512
  
  3f353dd053e4cd18cb7c56237230d026404a8c217084e740b152ff3e9e3c8ecf0649dbdc5e98617d82086f2b340588741c7afdf4326e1f6bf56242bf7a8c58a8
- SSDEEP
  
  12288:uQjtwieaRtNsy+vMyX/A8MAnz8gCWxjijlLRjPrDuTsu3WfRme3I:uQjtQatuVY8MAnzCM2RjziTsuERmoI
Score

10^/10

rhadamanthys discovery stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  CustomWinApi.hpp
- Size
  
  2KB
- MD5
  
  cbecd4f646bdc33fdd5a51c6129e0d66
- SHA1
  
  3b30641b373f04d123a037246c0c28d50722045a
- SHA256
  
  3345ba28cdb24ca73b3e3d3b4aa72ad623cdd478b7bff31e0faccf57f362ec7b
- SHA512
  
  b68b39f99886b05d14d7888f1b8d0a56b941a3032462ef7cdc1b57aee73b521783eb3954cf6fd579a43158a3674ce4ff1e9c712d7a0ee85c8a05e24347614602
Score

3^/10
behavioral5 behavioral6
- Target
  
  D3DX9_43.dll
- Size
  
  2.3MB
- MD5
  
  7160fc226391c0b50c85571fa1a546e5
- SHA1
  
  2bf450850a522a09e8d1ce0f1e443d86d934f4ad
- SHA256
  
  84b900dbd7fa978d6e0caee26fc54f2f61d92c9c75d10b35f00e3e82cd1d67b4
- SHA512
  
  dfab0eaab8c40fb80369e150cd36ff2224f3a6baf713044f47182961cd501fe4222007f9a93753ac757f64513c707c68a5cf4ae914e23fecaa4656a68df8349b
- SSDEEP
  
  49152:dbCJsk4VlPXA+15Om5wxw9Qsi55K+31BhZ64nW:YIIBnW
Score

1^/10
behavioral7 behavioral8
- Target
  
  VMProtectSDK64.lib
- Size
  
  7KB
- MD5
  
  f8fb5674b416f5f1a8bb4c94d60817c6
- SHA1
  
  56092d5cc15023eda121de5ff1aab47e32bc9a11
- SHA256
  
  c8c4c4d824b42ff38b05bd9f8f3781a63b9318baef087e4e9cf694ac4844a20d
- SHA512
  
  6e37daba16c47d89766665d0b1e7617878cd4e0e2abd0638e5ca3e9366740af0822a05c3fa62d0f60064a9bad4031f8b7e14d6ae5b4570f8326834ef5aa45920
- SSDEEP
  
  48:XrZ5/k5RLRzRCRXB6cI15A3Xy/F/CRcRj15T1tRLRyIBrJaFX43KXyAO4YMKUQl+:bjkqBw1xrR3KxKdKJ0DnBRU/rR
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  auth.hpp
- Size
  
  1KB
- MD5
  
  68ca7e05166eb5e3d6de4fc6e52749ba
- SHA1
  
  343e9a636141ee4cf970765bd707fd56a7f2bd02
- SHA256
  
  3414a4cb52b4efadfb3c86d451542adbfddd02f6b988c0855052ec287b308222
- SHA512
  
  1608ea43f38ec60d3a059279994c3db91be1e3de183bd5aa0464fb22f2f231a604b905e419ac730553f8f20b9206e7e096b12dda7794f7cd2fedb6b20a112bb1
Score

3^/10
behavioral11 behavioral12
- Target
  
  d3d_Hook.cpp
- Size
  
  3KB
- MD5
  
  ff05bbbd7f112d14088a76ba93aecdc2
- SHA1
  
  9c132125a266ab8419b03d0c95d236b133d737ba
- SHA256
  
  c82208bff966293bf18ada811fa147d174972cc61f5d6bf7cfb24ff6633a5236
- SHA512
  
  ebb88e965addb7e769e036b274c5503124016c4ce8465fc3b2a6ee491aef182b7b05b47e74adc2a567f5f41851e8b2ceb1f8270760ebf97f831aa319331aa21a
Score

3^/10
behavioral13 behavioral14
- Target
  
  imgui.ini
- Size
  
  129B
- MD5
  
  6a7578ca403fbf4a29eae1ea14190bef
- SHA1
  
  185048daacfab144bff41a3695670c38dc46fd6a
- SHA256
  
  bea859d15c0dbc0ef79b96c27dbfb538d648ab8090bba7b0885db57da10114dc
- SHA512
  
  f6e0a8ee2faea78f3019ae780d7d03a14d0534a269b6e53a7bcac9857bdbcce866efca62cb26d9151ea1dbb437404b2a0b79ad7f2bd96f82b4a55c447a5c7447
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

rhadamanthysdiscoverystealer

behavioral4

rhadamanthysdiscoverystealer

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16