rhadamanthys | 03d60f06db313f892881188829f27c813efe8a4e987af1f483a4bbbcd78159db | Triage

Sharing

General

Target

Portable_x32_x64.zip
Size

5.2MB
Sample

240822-pey7jawenh
MD5

fe91478f39a6102b8239dd1bbdab4925
SHA1

8ff28f5976a4243f44491af7aa36478c22b231e5
SHA256

03d60f06db313f892881188829f27c813efe8a4e987af1f483a4bbbcd78159db
SHA512

07975105bd921cf5d0c2479c7efa2e86d0396033125a59e45bcb659c240023622c19f4beeea967bd524fd8bb701653bd7c7cb3338b78f8e43aee3ca02bef3b52
SSDEEP

98304:SxXm/N+nGIdm2laGQEzAGeRDohW4PCpQCGroaDvhU2J1gXgT:SxXmWdm2lkDSq0oat1

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://144.76.133.166:8034/5502b8a765a7d7349/8duqxdnh.falc4

Targets

- Target
  
  Portable_x32_x64.zip
- Size
  
  5.2MB
- MD5
  
  fe91478f39a6102b8239dd1bbdab4925
- SHA1
  
  8ff28f5976a4243f44491af7aa36478c22b231e5
- SHA256
  
  03d60f06db313f892881188829f27c813efe8a4e987af1f483a4bbbcd78159db
- SHA512
  
  07975105bd921cf5d0c2479c7efa2e86d0396033125a59e45bcb659c240023622c19f4beeea967bd524fd8bb701653bd7c7cb3338b78f8e43aee3ca02bef3b52
- SSDEEP
  
  98304:SxXm/N+nGIdm2laGQEzAGeRDohW4PCpQCGroaDvhU2J1gXgT:SxXmWdm2lkDSq0oat1
Score

1^/10
behavioral1 behavioral2
- Target
  
  Portable_x32_x64/Data/Language.pimx
- Size
  
  22KB
- MD5
  
  01fbf905f95578b7c2eb370d5bd867b6
- SHA1
  
  6688f78f5afba9bbabca1a398371c063f67447c2
- SHA256
  
  a17506a018994501e0cf6847ceee97f7cd9ffcffc48b256d180175256ff5c0f7
- SHA512
  
  321c7c325dd886f7a154e7aed21b5e8789cd3ec28a0dd87ade8702524857fb2ff271fca16833f2d393ce9ca45cb6b0b87470357ace1bf49d65e7e0efdf423aa5
- SSDEEP
  
  384:ntMbm75pVUbnVhU9PFfRYzF66ZfxjUyy9FeQ3Np:ntMIInrU9PBRR6ZfxOX
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Portable_x32_x64/Data/Main.ini
- Size
  
  24KB
- MD5
  
  5bf4353d089309e57865ba86d4199004
- SHA1
  
  e2871968fc1aa99c821209f817a94b05b7b7a7f3
- SHA256
  
  96088d93be0c39001e87b5647bc8ffdef684a90fa02f0f91d430248f7c3415e2
- SHA512
  
  c8489b85c75cacc54535538736d75ab2a2fd60d29b764906fe7acbc26d9887515f5c316b9e2543b9511ffc348fcd88f5e01e4f1baaf9c5ecfb8a95061e12c4ed
- SSDEEP
  
  384:az91NaxrAlW10wt+CJgSz8/YK3uOvxtNhymeIbi2OrFc:az91NaxOCJgkRK3zvxtNN
Score

1^/10
behavioral5 behavioral6
- Target
  
  Portable_x32_x64/Data/Packaged/Main.ini
- Size
  
  1KB
- MD5
  
  7b53ebd64e5781e02eaefb6739a6b556
- SHA1
  
  d5332b200cf5dcea0419afdb66a15d89b9eb619f
- SHA256
  
  b975c9251ef7394dcc69f49e54dc5aa5e8df32f9b5e8c687484ddd840eb94d20
- SHA512
  
  c4a25c07e19760547e91818ba6e9ec3fe89206c29429668731c7563b7407cb56d8c0adca519bf96dc82a1631e82cfe63b68439cad4102ea2a1df438bac8400fd
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Portable_x32_x64/Data/Packaged/Resource.dll
- Size
  
  189B
- MD5
  
  4427aeee68321d0f4d7befa74e669f83
- SHA1
  
  4670003762a1c217c9e8ea48fcc53f2871a7c341
- SHA256
  
  a9661f89b8d957f4e71cbe1ba0342a39e5b50a1d80d974e2e1b349a273967f1b
- SHA512
  
  9d9156aa8fdebf19363fed2edb82235642c8c20549369470e44fdc0db41324e2160968fd7dd43eecce1ce3da9c03dd05cdefc8d903a9d0394f5ca9a73f5c5fa3
Score

1^/10
behavioral10 behavioral9
- Target
  
  Portable_x32_x64/Data/Packaged/Utils.dll
- Size
  
  1KB
- MD5
  
  73e051427246dd4ca45935b1a4bd7e2d
- SHA1
  
  7216f05041252f1c3a9d84aacdf84ef62f1a1045
- SHA256
  
  b7b8b412ab1e4f32da8a7cd42aeaa6e7d8d340cf14977d3e87f7d8f5eb689b0f
- SHA512
  
  3fc10dea91962244389214d189c141466f5630e99b01af5761738ce884df14050cd08a43802dc45bbe9117290c34143b85a75694b6301954b51972180dca1e36
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Portable_x32_x64/Setup.exe
- Size
  
  251KB
- MD5
  
  fe51917821ba0847a64c5467741ed7e3
- SHA1
  
  100ee217a3a2d1b2b211fa214804bfa77c676765
- SHA256
  
  54b3c35bdc0c3a426f6fbe5e06500738dabcdc47b9eaeb6548122af1f46cd2eb
- SHA512
  
  4a8de56ff27c71f582d342ae82699e1b2b1b3958ff3dbf67c46dd94c35afd8b97cc7dddb3f04e6797a3b50d2ebba44b6ddee8c42174a09b83a808b9ba35f9137
- SSDEEP
  
  6144:tpbIwepIdznDi8Har8HSDzYTk0zh6LM8wG4m7:fbIwewi8Har8czYTkbLZ4m7
Score

10^/10

discovery rhadamanthys stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral13 behavioral14
- Target
  
  Portable_x32_x64/msvcp140.dll
- Size
  
  642KB
- MD5
  
  ba3023249b8d6ed0df30421780fc1d0f
- SHA1
  
  6b6ddce795244fbc0bf25aa8387216898a406d57
- SHA256
  
  23d4cf6d02126c05466abbc91eed4d7fc8ff99c8fea9bd8e68a44cfadc89a3e1
- SHA512
  
  f6b177f218804ee862cbf6729b6d435442f9ffb9b980d6bb04a378c52d936245c726685234d8d8844e6f7c030704ba4bb0e15db26f79fc70b8557632d0687f4e
- SSDEEP
  
  12288:o49le3Mnp52WBqf/qq3R5W8ZB4zmRzbawsViRUF95HdAx:ZlRp529f93PW8ZBS+zbR7sFc
Score

1^/10
behavioral15 behavioral16
- Target
  
  Portable_x32_x64/res/cravats/broachOneill/badju.xml
- Size
  
  66KB
- MD5
  
  3bf18759130b47393436cad4c8260aa7
- SHA1
  
  588b2ca91c8926dfe4ed4a21b88f4951bb0c024f
- SHA256
  
  6847f8fc741480a253e5d94ffb0af9821c5f97b8dcf1b1e37cc4e8ea4919df25
- SHA512
  
  c8588a36a1769d8c90043ac5b9ba0cfa8d5db8ca0989a256bd0997823f44167deddfd776ea1a5941d6698eeb759c67155b2bb1abb9be8b4b37e785711b66b148
- SSDEEP
  
  1536:CBQV4s07p9dLrwr9wfU6UXvcFUf2QcFm59zXrWO:CBy4s07pr4V6A0afvcFczXv
Score

1^/10
behavioral17 behavioral18
- Target
  
  Portable_x32_x64/res/cravats/broachOneill/bestinkSonarsBuzzed.xml
- Size
  
  76KB
- MD5
  
  1695d921cf1273c4c108c38ab49b6e63
- SHA1
  
  6660529626f8fb6e44bb4dcb43542946d6a75947
- SHA256
  
  a1ef4e13e10998452378480ac8db26e17c110cebf7496dab8e3669304609195c
- SHA512
  
  d7941a94a19a8a55f10bcdb6a141fb3e96cd9aac3f44fb7ecb76a1694cf9e1e5365edffe8d9edd454fb7a527e7f58bf4fe8377e397becf59290985237cacb200
- SSDEEP
  
  1536:lPw7ITAAk4ppa1XpFY6rc/t6fxD07a5MfKQuf6LVtdtm:2ITAApa1X3pr4W35rfKtq
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Portable_x32_x64/res/cravats/broachOneill/busto.xml
- Size
  
  13KB
- MD5
  
  a6440d04aa8b84a3f7b373142f46aec8
- SHA1
  
  b794d5a0d5a398713eaa444d10ceabef128a8502
- SHA256
  
  774579308b68d19f8ea3252e3cb51067a816bbfcc6b7f7668993110db438be90
- SHA512
  
  c7a57376a5e7bae17d59b9d7ab2e2362100d3930af41704ccdfe6dded4649a66754da34df9a7659aee9e3bd65872e919deb8956755a5e5fa8acbc781ef406e85
- SSDEEP
  
  384:oR2IjUd8szjPms8WmbWGcBNVEAP8N+U+72hJMWNqOImf:opd6jPm+uajP8Numf
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Portable_x32_x64/res/cravats/broachOneill/gabblerTinderyBeaming.xml
- Size
  
  49KB
- MD5
  
  26484e50798901e7aa126b2964129325
- SHA1
  
  e3ae9e21fe7dd0fb0a9bd34372108f2232a631af
- SHA256
  
  4b3bad92cdb31ebdaa0088ef4852859ee847220fff0da8b841c4c1a89e348555
- SHA512
  
  861617a106a1c7c2d974531b25ecbe8d6139ed044d228370056cef91e299031f9a9cd9f0d3b8a3c7a85c677fdba7b9a1d8da63e33f61c1a559f2d0824e700df4
- SSDEEP
  
  768:/fDKx05DHBVrah7xArfx5c9wiFJ6IgXuHNXUQ/UN:3mqraQfx5cboIdHVB/UN
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Portable_x32_x64/res/cravats/broachOneill/hebrewsNae.xml
- Size
  
  23KB
- MD5
  
  ee59f6e22530309aa1c89e1826b010c9
- SHA1
  
  00d80241a03d28c42816868a2c4eecf4bd0d071f
- SHA256
  
  4159a3468eda56949355eb5fda59539d2f08bdaafa8fd5021e57761b1b5856a2
- SHA512
  
  fd84ee0feefecbe7207f5eab36ddb8e4615ee2e21e1e469775c6cfb60210e22916e789fb185375d3f24f57455e999f771a1a6a19f4febc1386931370f1111e99
- SSDEEP
  
  384:AoyJutAZGH54ktClFCYqwDnNEeuVXuu0x9nDRcbDWtYdl121kG/V/3Rq:/61lF5nNEHbYK4Ydl18kR
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Portable_x32_x64/res/cravats/broachOneill/shaleDashikiBajoire/baluchKenlore.xml
- Size
  
  70KB
- MD5
  
  be553e5b5288fcfc8115570b26c8c849
- SHA1
  
  fa5b7fbd3c297e4f540ea15944fa0a74c487eeb5
- SHA256
  
  cf715dfc6cbbc90a78b8d5c9c656b818026baa666feda2595865c126b68c142d
- SHA512
  
  4845ef68c356b3ccb993d162b4b0ff1f99d2a88fdcc5aa3bcb28115a2ecc8c1c1802835d30a8b019ff88226c07107bae0ff7edc689827c59173701ebb38e0cb0
- SSDEEP
  
  1536:+tyzXm9kPizNKupyIw8hTF4+z2Vr43JJAusaEhMEpJuu:yyS9kPizNKeyIw8Vqj4J+aEhTJj
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Portable_x32_x64/res/cravats/broachOneill/shaleDashikiBajoire/ecuadorCapers.xml
- Size
  
  42KB
- MD5
  
  7411966ba263e7ebaa428c782fe9fc45
- SHA1
  
  8b3bee6e129a04255f2b31bbc336524123fb1262
- SHA256
  
  8c85e34d186c96a65990d7b2c0b47c261fd7da381679c604a30937cae07be62f
- SHA512
  
  329a494d2cdf57aabb91938625338552986a914e813ced0994ee78185a5a2ee05f1b4c7790b07516da1039f99bb20d2e241b2fee28a56611099d0a97b54e424c
- SSDEEP
  
  768:AbcR03Pbz/Lw+HqmaNkIZ8kfCEDW22I1Iea4OytHKegD:TMPMMqJNNBP21ea4JKD
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Portable_x32_x64/res/cravats/broachOneill/shaleDashikiBajoire/fungo.xml
- Size
  
  47KB
- MD5
  
  244dea20fa36286413b32ecd871a571a
- SHA1
  
  04a9f3e4946a1526e868ab2cf68b5b332d062590
- SHA256
  
  0d4147559c86524890fa9948213aa184761c3f9f31b520197dff96f22241f438
- SHA512
  
  79bcea54fd397cf579bea73db99a43d5c30b3345458405d45bc0d926e67f811e8bcc5b79085cd3e00e3fafe419227f0bb007124482c54ca6f3ab53e7f0780667
- SSDEEP
  
  768:YIZSe2jlNGqwKwwpFsYaZHTsJtTGakI5P7UI6bo:HZSe2BNGqHwisVZHw2aFuLo
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

rhadamanthysdiscoverystealer

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32