rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

Deadly.zip
Size

4.1MB
Sample

240826-lc9npsyarn
MD5

39b4074556cae97c50ae502b7af52d12
SHA1

8ed89ca55f56e41e38e8158853fb2bf258193a88
SHA256

109e28e1841956878110d3eec893a910c898eff0e7e1491518ee249a2dcf0d52
SHA512

0f7b30960ce34fe2f02cf22421a0cd9e52ae631c252c92c1eb34e4dc51d9458120936999cf0a1455c825ac9a0be8fe8add0f504e0966cbe8f7dc4d00077c3554
SSDEEP

98304:53eCSqzMGzAv3DraKk9rszstKgoGz0jDtVJRb98FPD:5ukyvi99rszst7l8tVJRm

Score

10^/10

Malware Config

Extracted

Family

rhadamanthys

https://144.76.133.166:8034/5502b8a765a7d7349/2exkmrnd.gl5ss

Targets

- Target
  
  Deadly Beta (password 2121).rar
- Size
  
  4.1MB
- MD5
  
  fd43928e9192b49c74be9e3228831088
- SHA1
  
  a4f310330abf5988eef1e69e1c7280df5bcee923
- SHA256
  
  3e0faf2368d158b927fe8ddf8cc45c18465fd663545652dcf11812db0e039429
- SHA512
  
  33d181f02812d7179c1e0bdd995bb0ee38bb3b008a908cac91dd18356b025c051f19bb72fb41803d06135cf6fe92b6f1b8af0c934a06601aed9d930ab990f963
- SSDEEP
  
  98304:f3eCSqzMGzAv3DraKk9rszstKgoGz0jDtVJRb98FPD:fukyvi99rszst7l8tVJRc
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Launcher.exe
- Size
  
  442KB
- MD5
  
  32294ae4ad2063b44a4d31cad44ad9ff
- SHA1
  
  24313fdc2cff34a0065b4643f40fe44ba4a2fbc1
- SHA256
  
  bb6ece8edf1cab4336f7178b9e158edf9e8fc0b966ceefd157dc1f5d119f309f
- SHA512
  
  e2449493a32a622b40bd06c05f709e065e1b3002ed0ff6b48c594eb226f4e807b9c65cc3bad4934bd984920001d02b52f357dd3d440b762ee63b44be10ece290
- SSDEEP
  
  6144:1JidrNEDu9O0EfUJfnzAfe4JM4LG17vIxwzrv+job91QLNupN/REjITFpARZN4tQ:1odaaqU981gvQn0bMuCEFaR79swnhEO
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  WebView2Loader.dll
- Size
  
  154KB
- MD5
  
  577f05cd683ed0577f6c970ea57129e0
- SHA1
  
  aedf54a8976f0f8ff5588447c344595e3c468925
- SHA256
  
  7127f20daa0a0a74e120ab7423dd1b30c45908f8ee929f0c6cd2312b41c5bddf
- SHA512
  
  2d1aea243938a6a1289cf4efcd541f28ab370a85ef05ed27b7b6d81ce43cea671e06a0959994807923b1dfec3b382ee95bd6f9489b74bba59239601756082047
- SSDEEP
  
  3072:R8AhKsY0iHlDhvlUQN2gWNZ6hVThFEtqQbucPqAJwU:usY0+lNv6E2JYEtzbuuV
Score

1^/10
behavioral5 behavioral6
- Target
  
  res_mods/1.23.0.0/scripts/client/gui/mods/mod_a.pyc
- Size
  
  114KB
- MD5
  
  a2f3ded45da8870e93e5d2186dab27e8
- SHA1
  
  3f8e0cddecc3827b33ec02cd78d192c18f1ddf82
- SHA256
  
  fc19237a4e9ae65829dbde384ce0de2c78b22d9577384dded9d4cde569a12742
- SHA512
  
  438621491061c7f14f59c48d0d2fdd637a17c058df13417e21d660d81632dbb826a6144032f6f9192ab9bb0afb46b8f6cf3982879dc9942261c2538dbd17187c
- SSDEEP
  
  3072:k6BVH7SBjeSCbupKVfG2yQJ23J+Svsy9k/TukuPMh:zrbKeWmDyQ+13kOPMh
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  res_mods/1.23.0.0/scripts/client/gui/mods/mod_a.xml
- Size
  
  1KB
- MD5
  
  ff03ec17ee5f13070dd50717620ffbc0
- SHA1
  
  3243099738c6b40d2fdcaae8b16fef280b5eb835
- SHA256
  
  8e7d953780ef22d302a154cc504a0e13ff031b9177f9b20708bfd8ee9ddad7ed
- SHA512
  
  535f4c9f6911ebb0843d0d8c58b2613cbf5122281b50b056918e693e0db9d9daf54fb17b744ec14f95929673868fdb516f8d1f5330bf930a486c9d502fb7c2fd
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  res_mods/1.24.0.0/readme.txt
- Size
  
  53B
- MD5
  
  1a4884dcdb1a8908bee1099dc846f896
- SHA1
  
  ca6b6f8b0a5ee2116163c7c5026d65adebab61a6
- SHA256
  
  83ab826c036bb841639276fa0e2b2d7dd07165cd2f17a039d0b3d0118d5c3f19
- SHA512
  
  e8cde35ffd67c94386faedb5caa70a1d6c2e076138ffe5d0c418e60efd2cc8ca53d2ca3b9268897ab4afd2c0328aa7383ef99ee59145ddc72f20007095ef3fa2
Score

1^/10
behavioral11 behavioral12
- Target
  
  res_mods/1.25.0.0/readme.txt
- Size
  
  53B
- MD5
  
  1a4884dcdb1a8908bee1099dc846f896
- SHA1
  
  ca6b6f8b0a5ee2116163c7c5026d65adebab61a6
- SHA256
  
  83ab826c036bb841639276fa0e2b2d7dd07165cd2f17a039d0b3d0118d5c3f19
- SHA512
  
  e8cde35ffd67c94386faedb5caa70a1d6c2e076138ffe5d0c418e60efd2cc8ca53d2ca3b9268897ab4afd2c0328aa7383ef99ee59145ddc72f20007095ef3fa2
Score

1^/10
behavioral13 behavioral14
- Target
  
  updates/icudtl.dat
- Size
  
  9.8MB
- MD5
  
  65c6337820fbe9bf2498a9395e3b20f2
- SHA1
  
  5cc62646e6c73b4be276d08719bc5e257af972bb
- SHA256
  
  33da1cdda18eaea52011d40ae9a610cac9f6466156e9803891ee77294607aee4
- SHA512
  
  4800f03577a46a98a4bd786dc37a380f4169540e243fdb7835e3146fba0d0e1d07a7e3ec8cd23566feb00d204d582d678698ae61db156339fe56229de0b267c9
- SSDEEP
  
  196608:g7UPty2ACLA2cliXUxR0jHz93Whl96p6VJQ:V12CLAZliXUxR0jHz93Whl96p6VJQ
Score

3^/10

discovery
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16