rhadamanthys | 66ffa9d4e27a9f787eaa47364d57b95feae92af35ab154299c5134eacc9f4c42 | Triage

Sharing

General

Target

223a3aa520689c0021d8ce51024d5bb0N.exe
Size

3.7MB
Sample

240814-xzhdhsthrj
MD5

223a3aa520689c0021d8ce51024d5bb0
SHA1

1fbcb94006ea1b3dd1796cebe0e78fb0b9b6a874
SHA256

66ffa9d4e27a9f787eaa47364d57b95feae92af35ab154299c5134eacc9f4c42
SHA512

b329830a0b22310e4262bd071edfaf38afa199bb428dc1f99b31c83df0f699eb842e6a466d803670d5066780217e7eb966e505262c3620eeb922629ee6883fe3
SSDEEP

98304:ziXAEqfpQA7KhbchheGvUapVXNe1gNuqh+CaO:eQxRQA7K9QPfZNe1rqh+

Score

10^/10

rhadamanthys discovery persistence stealer

Malware Config

Targets

- Target
  
  223a3aa520689c0021d8ce51024d5bb0N.exe
- Size
  
  3.7MB
- MD5
  
  223a3aa520689c0021d8ce51024d5bb0
- SHA1
  
  1fbcb94006ea1b3dd1796cebe0e78fb0b9b6a874
- SHA256
  
  66ffa9d4e27a9f787eaa47364d57b95feae92af35ab154299c5134eacc9f4c42
- SHA512
  
  b329830a0b22310e4262bd071edfaf38afa199bb428dc1f99b31c83df0f699eb842e6a466d803670d5066780217e7eb966e505262c3620eeb922629ee6883fe3
- SSDEEP
  
  98304:ziXAEqfpQA7KhbchheGvUapVXNe1gNuqh+CaO:eQxRQA7K9QPfZNe1rqh+
Score

10^/10

discovery persistence rhadamanthys stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

rhadamanthysdiscoverypersistencestealer