rhadamanthys | b8d717274bc433d50448adf0699ab7cd23498023dd105fc009b7cf61b343ce82 | Triage

Sharing

General

Target

8Ball-Pool-CHETO-Hack-main (1).zip
Size

882KB
Sample

240824-pgn5cazbjg
MD5

9235225b2a9d394c1e18e135e65a6ee5
SHA1

0e2c28128311de834a9f4c6d75e7d9e3fb883160
SHA256

b8d717274bc433d50448adf0699ab7cd23498023dd105fc009b7cf61b343ce82
SHA512

1d00c7846ff321f28e9ed5778b1ff9925c7c3995104644930bcf1ec67e4eb56a104890a0aec826ecb077ebf5b059add0bd6d2a8f3546faaa573b2e06d1d6c614
SSDEEP

24576:50fVXpWDtDRn2WJQmrfjNiVrGroGxgkIKgG:UBpWDhZtJf/NqrGMGxUdG

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://185.125.50.38:3034/739bd3e91cd40ca83/lem.api

Targets

- Target
  
  8Ball-Pool-CHETO-Hack-main/CHETO.exe
- Size
  
  355KB
- MD5
  
  bb84cc2853596d21a318576c4995fcce
- SHA1
  
  477a224d5b4e398b34a978ac19def1cbafb211d3
- SHA256
  
  6135bdbcfd9f824b3da0bef2ba73018a998967e20c5d0274c6a1c0433649b017
- SHA512
  
  aa32be3d91bf6e2c8fed0d0e0407723466b477ab0d27c5d3cd705ac73365ab4c56de4f16d4786ee586e750d6835eba09775dbf5a93b0da0eaea4326f2fc2bd5c
- SSDEEP
  
  6144:g2qezd2ab1/RuHk+M3k8M3W7XomjOJCqshrOlumY6DMIewgxQfqksb:gf2R/EEkCQFYDwRqv
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral1
- Target
  
  8Ball-Pool-CHETO-Hack-main/license.dll
- Size
  
  1.2MB
- MD5
  
  36dea25d49b9dff21acebface8ea2044
- SHA1
  
  5bd97162bc98e36c124811c360dbf29c6233405e
- SHA256
  
  d960a2eac5e7f1aa04e9f8d0da4eb9bb0b097ca58d0ce83ea1bb8351baf26301
- SHA512
  
  64f06db24297e30d7ec91d3cf9ccc33f28eb9041e463933866b09de0d138d964505aa38f32158be5e5491e4aa68d8ae77bccce9c068e5980d2281a24294bccf8
- SSDEEP
  
  24576:1iE0l9oS0Cl/9qZPcYJZEiDO3ytIPMunHuGKFufrrH1:YE0l1ZlVsPc06i63aIPZnBX
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer