rhadamanthys | 9bbe90d9cfa9e088d0a2c31bd1b8f93c2a9bb8a792ff99ec4bbc7ca1c44491c2 | Triage

Sharing

General

Target

Solara.exe
Size

443KB
Sample

240821-szgprszdrk
MD5

ca3a48c58e2e078037d6fe0432565caa
SHA1

665d5d7c26f6e37287f0ca16a72804a01e8b7169
SHA256

9bbe90d9cfa9e088d0a2c31bd1b8f93c2a9bb8a792ff99ec4bbc7ca1c44491c2
SHA512

bd95c53c7340e00f72b6b361cffa8a87d4fe2d2b2f398378862144498acb8a18d39813d8f9113ee632b55c8fbeaf549b384336a8fae7b26eeb848db9e6853e95
SSDEEP

12288:elAMSIpem0zahNz73O3sLsZu1xOp9unXFjfXEBdmi+8mpE9X7:12peCR7+x414uVjMX7

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://144.76.133.166:8034/5502b8a765a7d7349/k5851jfq.guti6

Targets

- Target
  
  Solara.exe
- Size
  
  443KB
- MD5
  
  ca3a48c58e2e078037d6fe0432565caa
- SHA1
  
  665d5d7c26f6e37287f0ca16a72804a01e8b7169
- SHA256
  
  9bbe90d9cfa9e088d0a2c31bd1b8f93c2a9bb8a792ff99ec4bbc7ca1c44491c2
- SHA512
  
  bd95c53c7340e00f72b6b361cffa8a87d4fe2d2b2f398378862144498acb8a18d39813d8f9113ee632b55c8fbeaf549b384336a8fae7b26eeb848db9e6853e95
- SSDEEP
  
  12288:elAMSIpem0zahNz73O3sLsZu1xOp9unXFjfXEBdmi+8mpE9X7:12peCR7+x414uVjMX7
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer