rhadamanthys | 5b2c5bd17a50bf0ffcc6b80277274ec4b6373aef889e22b896738df9b08d687f | Triage

Resubmissions

20-08-2024 14:34

240820-rxvcea1enr 10

08-08-2024 18:14

240808-wvb59sxaqk 10

Sharing

General

Target

5b2c5bd17a50bf0ffcc6b80277274ec4b6373aef889e22b896738df9b08d687f(1)
Size

438KB
Sample

240820-rxvcea1enr
MD5

f400057763476649ca620a1fa7792c22
SHA1

f8e4f976cc28fcd8e91cf1dc48cb503642cd7ded
SHA256

5b2c5bd17a50bf0ffcc6b80277274ec4b6373aef889e22b896738df9b08d687f
SHA512

3efc264b36c50d30a98fae7adb7acd1ef4b79314e1d708a67d8535bb3d5ffcd0838765b92fd9789e2436d0d75ea69672eee2f5fa55b7d6c9577491b775ab9e3d
SSDEEP

12288:6uZZani4FaYkizhRpfX54K+uiE8BZzhzJ:6+ZIi4Z95/54K+uiE87d

Score

10^/10

rhadamanthys stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://94.156.8.232/656e6d0ebe84e51bf0e6/ggs8bwxh.gt2k3

Targets

- Target
  
  5b2c5bd17a50bf0ffcc6b80277274ec4b6373aef889e22b896738df9b08d687f(1)
- Size
  
  438KB
- MD5
  
  f400057763476649ca620a1fa7792c22
- SHA1
  
  f8e4f976cc28fcd8e91cf1dc48cb503642cd7ded
- SHA256
  
  5b2c5bd17a50bf0ffcc6b80277274ec4b6373aef889e22b896738df9b08d687f
- SHA512
  
  3efc264b36c50d30a98fae7adb7acd1ef4b79314e1d708a67d8535bb3d5ffcd0838765b92fd9789e2436d0d75ea69672eee2f5fa55b7d6c9577491b775ab9e3d
- SSDEEP
  
  12288:6uZZani4FaYkizhRpfX54K+uiE8BZzhzJ:6+ZIi4Z95/54K+uiE87d
Score

10^/10

rhadamanthys stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

rhadamanthysstealer

behavioral2

rhadamanthysstealer