rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

Quince_setup.zip
Size

17.5MB
Sample

240807-xwjr6ssdql
MD5

14f1142ba2a969fb79ee60886aa89eee
SHA1

7ccd15d2b1db1001c6c17550e7c3735494dd60a0
SHA256

6edabaa1a35a493910bfa9e21bbc0ebe851cb631a2ec49d22c006109834426ba
SHA512

73ef2830ea8e3ed332f4ec85833a8b497263fddd6bd1fce4d0885e37025ed89354543aa42406bb6e13bb6ed61cc05e429c7b09f19d8c7c79893467fa52f7c86b
SSDEEP

393216:ASzkcQy8bkGWaW2dNcv0z6HbQ0Cdw8llIKV2vB5s2esHzQGncrq+p9:ASzkD3IYW2jM0z67Q3llICcOsHzQGncJ

Score

10^/10

Malware Config

Targets

- Target
  
  loaderV6/AcXtrnal.dll
- Size
  
  84KB
- MD5
  
  7a8363e16731be3c2c8e19d8cc09c55b
- SHA1
  
  c91428381a21769b8b0d43ad2ff51ecbf4484148
- SHA256
  
  74e806ec92105141400a92bd89b1dc17881df02a5014ebb421853a4ddeb90954
- SHA512
  
  d580d64287ff24d410b47865fb328a57c034890f4f8d3185e50cc9d41523b97f35f088b917c73c4752676242d7bd0be5066e4ea8cef5563fa9c4081aa428bc8b
- SSDEEP
  
  1536:kvR1FvU175th5AuXKoG1P7fTCUTj/y5BnJAGVrpXn6PO:U817R2JoEDTCUT+9JAGVrpXn6
Score

3^/10

discovery
behavioral1
- Target
  
  loaderV6/AdaptiveCards.dll
- Size
  
  41KB
- MD5
  
  43c11ee7a1d9f62c429972c07dd33229
- SHA1
  
  c091b972937d18f9a52c4fd33188e4f3e401ccb7
- SHA256
  
  f8e015de2e77647dcaa2d0e1b9b1ac284e9d987385b9947591813b4bd6796e32
- SHA512
  
  cb9a76ae4ffe1c297bb81537efb14b2686f2a7c37dcce874d107d22b37bf28b34d4f0b2e29fd2fdb992dfb15dc583dce7c140bb8a4d20f0331bc93b26f6401c8
- SSDEEP
  
  768:svEUgi5QYojjPIKg7yrGEw4zk/NF1IzZLrop4NVXldt1vZstPGck6jv:s8UgiW7jPIKeyrARNF+lu0JDvZsBGcks
Score

3^/10

discovery
behavioral2
- Target
  
  loaderV6/LoaderV6.exe
- Size
  
  59.8MB
- MD5
  
  122e5491ff7d692f2308b0f40e49e32a
- SHA1
  
  03c00f1e743584409024e64ed2f216bce5dc2153
- SHA256
  
  569668593ebaffc50c1bf819b3908416ab98959cfe3a5438d199360c172bd674
- SHA512
  
  5d3b627e6b9d2531ce557e6bcd14326219227fc3e6d05c3e085a63f8bb3e6fff3f4a7abfc424b3885811dee600992a3dc0e213ddd4650b9275a3d1709e5f9e2c
- SSDEEP
  
  196608:Yj1rr+exTfU3+e2J7crs+efUlT4E6RAEbIBOHtMxoXLaz5LbpGdYWtftJJoBOC2b:err+ceXiml9DoGqXLaz5XpGSWzoBw
Score

10^/10

rhadamanthys discovery evasion execution persistence privilege_escalation stealer trojan
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  loaderV6/LoaderV6/AddressParser.dll
- Size
  
  52KB
- MD5
  
  09a620a0d09694d03bc8fd5d8b8aa819
- SHA1
  
  a7db367da4c455f7b4e42e9055ce1ca58923bd85
- SHA256
  
  381a701b27ba655a6833a02803a36aa6607904f6fb3c0b5530bacdf92f00da78
- SHA512
  
  68f17d726ad6811fcd4487340dbe13d7d97d515fed967dbefaa6b52ffe26b13f55f682939d1425624f83068e1b75c05fc10a601a81f01805c97fc9feffcb33c1
- SSDEEP
  
  768:WljQbhFMQUmxHqE3F0J0Q0K/SzFCe+VyDQc2gxpj+FrH53rNWiXI2Itp/zn:WV+fggKCFCe+Vdo2H7NWiY2It
Score

3^/10

discovery
behavioral5
- Target
  
  loaderV6/LoaderV6/Apphlpdm.dll
- Size
  
  29KB
- MD5
  
  e166daac460eb2a7a67c9a5a2dcccf1f
- SHA1
  
  994ff138c195fb13d4cd3446ab68224b2c210a2c
- SHA256
  
  09725c772489573d6b1489591ec1e0f580c5c1f650f82d0a112a44fc89842938
- SHA512
  
  0605565ae013f5973a2946796a83c1484ada9dbfeeca0b379267e90037426ecf8932310a3f431cced44bba4c722fdb201ea865df91df0803246f9f73b287d374
- SSDEEP
  
  384:dlPLo/0VIp747y9M+qzviYng+B2CLCB8j17fzWY9Wf0jgvnTEySeC:dZIp74glmviylJ17fXeCqVC
Score

3^/10

discovery
behavioral6
- Target
  
  loaderV6/LoaderV6/appidapi.dll
- Size
  
  54KB
- MD5
  
  9803723f2be4fb990b88b3cc883731c0
- SHA1
  
  fb7b51ba3aff0df9bde338a28efaafa5e9520454
- SHA256
  
  2827e2a738ad0337979739558e6da19a012dc91ecad863e594ff268f78e93575
- SHA512
  
  34bdc8e091c6348d42699e7f21fe9c620d786b542dcc2542ef097a2d93d2fcc5e6a2720b3d13c58a488719fffa35a59b58ab4c35f6caca97a3d7aa4d57490fca
- SSDEEP
  
  1536:SZWOik+pqC5ZflGtJmU32to/UdWxPwBs+zue0:SoqUtvf4PmU32twUm6q5
Score

3^/10

discovery
behavioral7
- Target
  
  loaderV6/acwow64.dll
- Size
  
  37KB
- MD5
  
  94e972f7e5f6662dece2c435047d9fa0
- SHA1
  
  4f782489bd2cf9f3cf97a17dd2ab158d75022599
- SHA256
  
  99c6d28b981552f92341da34deee0a4e0212bfb76f0d5b29711331ad47b9ed25
- SHA512
  
  7c4dc945c9c69681cd72329696c9837d60c413bcc0b35429ebc3868bdb30b814e80ce36682cb97aca21130cfd963600631da59acbd3fe3de4fa1f735e16047c2
- SSDEEP
  
  768:+6cW1qHGnnU5yadOKjGfDVoHOqAQG2gcwO6:+6c6q2nedO2GfZoHOqm2gcwO6
Score

3^/10

discovery
behavioral8