rhadamanthys | a86d3039451a065cfe9f9418303f3d3205b0fb53d1a5b5a5d3ad7cb3a3f437ff | Triage

Sharing

General

Target

sus.zip
Size

12.6MB
Sample

240812-hhf2sstfnc
MD5

fdef1eb589691b7fa2f0e1bafe1f1dbd
SHA1

6d93961143ac8c8104742742b841a68c41a04330
SHA256

a86d3039451a065cfe9f9418303f3d3205b0fb53d1a5b5a5d3ad7cb3a3f437ff
SHA512

563646424b923a5d7ba40af6150fb0ec8492a46fcd0386ba5d8aee5f68b6a355025e4814ffacf72116271869ff8eeedcfe92bbd05b7c66b961ca05a1e94ccf3b
SSDEEP

393216:xemDG/ZiR+JuO2cGs1wajZf8joiqw/DmCny0KPXT:xNi/ZipcGs1waV87n92T

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Targets

- Target
  
  AcXtrnal.dll
- Size
  
  550KB
- MD5
  
  6e353c4c50e19aa7fa32750caaadfdc8
- SHA1
  
  f769957ef270dea7eebe3343681823d8bf39549e
- SHA256
  
  fcf336915cb31035f31318a82b528ac29b46286d149ac20af48106b127f281a9
- SHA512
  
  e10d918364c1c8108f0be51c523852c0ab270804071514406698dfadc733ff002c8e87d35116c48a8fdb02a619e7b84ccc7c81a5f1b6ce031d54a9aef9ae4a8a
- SSDEEP
  
  12288:1dLOyN8W4TnHLaVmrbSOkKc+Ae63Udfun:/LOS4TnHRWOkKcX13UdWn
Score

1^/10
behavioral1
- Target
  
  Set_up.exe
- Size
  
  694.4MB
- MD5
  
  c03b508c97550c36deec734daf5ca494
- SHA1
  
  b58f764b523f991afde4e40e7732f6ca2c0f0dec
- SHA256
  
  cb028d96132d018aaf2c9df7c8bc0bc26aaf09352e386351f99b739faff2a220
- SHA512
  
  17ef24ef5284fa58b53baff84fb9d8a0b1a6d603c4a2df84363499b38f9e4b18442b182c2085815485d96dddbe4f50406bfe547f54c4690463731bd6b9cf2bc5
- SSDEEP
  
  98304:GUpHnwnSJqMtyOT2XEOVN0KhESKDsolB+mXUOOLmC/f:1rQMtyOT2UOV+KiSKZ+CDW
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral2
- Target
  
  x32.dll
- Size
  
  683KB
- MD5
  
  192cad2a20e9ea9ce03eec5bd569699b
- SHA1
  
  dcb4131d3544b23ac8b976d09a670cdcddedd13b
- SHA256
  
  74a2c0771e38b374510a60fe0c824bf42e69fb7cde54500e683f90cb0d929dfa
- SHA512
  
  ea7b1785e39cc825cb9e7973596a3b0b7a46dfda4e64fea029e9d4fdaaf0f1e348bb3e266e74070a8c7188dd2ddff29fa72b08ccffea29131882c681b3d9fc25
- SSDEEP
  
  12288:LvEYPYeQllELFlHniueSj0FONGpdhA4dNg:LvEYQ/EpRnPIONRWg
Score

1^/10
behavioral3
- Target
  
  x64.dll
- Size
  
  17.0MB
- MD5
  
  8b6e3f0cd5bcd2cf2ce2e16fe7070dc3
- SHA1
  
  ab47e5bde61d65f14a2ef72fedab2320ef282d5a
- SHA256
  
  a4ce9a380d6faedeef5b29874c9f47d122a27e038503ef4ca1e2d3a8b528c9d5
- SHA512
  
  61a518fffcf76802ef016d0f77f738dc1754832fed8202f7106262a3c4ea6d5ac213297839a6e78e365608ab9e7f4eb04f30c9d025ecfa45f8fcb7c47c2a87e5
- SSDEEP
  
  196608:6QZZ4fhlWm77qxU+fm77qxU+fm77qxU+T:6QZvm76m76m7I
Score

1^/10
behavioral4
- Target
  
  xNet.dll
- Size
  
  153KB
- MD5
  
  9c7f64658a9fa66cf89e1a3d9a3eb0c1
- SHA1
  
  478c91b1e0248abf22da83793a2ccbfb08c54d72
- SHA256
  
  2236fc65f6cdad7776209f21ce140350581174e29f86be0b3f6f6e1ce5f786c4
- SHA512
  
  08f88a2595cae021141febbd09d0f182bf8c9a8aacfcb90a06748d6d3181f56b4ef12646d0bce0ebe4110f455132b77759e7e322c86026ed135d147cb27296cb
- SSDEEP
  
  3072:iqz4xNmJF8Chf2YrrC0DdmBEUWfc5fTKoCsCxyYGuLHRQ:iqExALhf2YrrC0gWUWfc5fTKxsoyYzHe
Score

1^/10
behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rhadamanthysdiscoverystealer

behavioral3

behavioral4

behavioral5