rhadamanthys | 7b4a0714d5b8c42fd15f030ba1562a1e17b65330514e523ad7be50f8df1a508e | Triage

Resubmissions

22-08-2024 15:41

240822-s4zq5svdqd 10

22-08-2024 15:36

240822-s1zlzaxcqn 10

Sharing

General

Target

7b4a0714d5b8c42fd15f030ba1562a1e17b65330514e523ad7be50f8df1a508e
Size

443KB
Sample

240822-s4zq5svdqd
MD5

2b1106b098715cdfb812022093fd72d9
SHA1

a296d6de40d7b1b4ff881ad95c45d769516b49f5
SHA256

7b4a0714d5b8c42fd15f030ba1562a1e17b65330514e523ad7be50f8df1a508e
SHA512

0d9b0b690ca887115c54953fdfb546a0c395afa79dd15b7638b1d08381a439dfa9c24e914f946f8ee92cd90d8e19d30ea06715ed1c6406d8c0e2535ec5196935
SSDEEP

12288:kueVM4mtaswkUJBK1ZEU+QI2Dk+sK2bEm724Z5:kuCqaYgQrIOkW2Im72a

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://144.76.133.166:8034/5502b8a765a7d7349/ir9791e2.fw01k

Targets

- Target
  
  7b4a0714d5b8c42fd15f030ba1562a1e17b65330514e523ad7be50f8df1a508e
- Size
  
  443KB
- MD5
  
  2b1106b098715cdfb812022093fd72d9
- SHA1
  
  a296d6de40d7b1b4ff881ad95c45d769516b49f5
- SHA256
  
  7b4a0714d5b8c42fd15f030ba1562a1e17b65330514e523ad7be50f8df1a508e
- SHA512
  
  0d9b0b690ca887115c54953fdfb546a0c395afa79dd15b7638b1d08381a439dfa9c24e914f946f8ee92cd90d8e19d30ea06715ed1c6406d8c0e2535ec5196935
- SSDEEP
  
  12288:kueVM4mtaswkUJBK1ZEU+QI2Dk+sK2bEm724Z5:kuCqaYgQrIOkW2Im72a
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer