rhadamanthys | fd65a36e69c42ab79d3511669560c83de0aad638a178029363aff56afe144911 | Triage

Sharing

General

Target

5af966f4b657d5d3e5d4576ffac696a2.exe
Size

3.5MB
Sample

240829-gkr2eawgmf
MD5

5af966f4b657d5d3e5d4576ffac696a2
SHA1

f4ec36d2be5a7dea6f4fbbbcd16151d77facf9e7
SHA256

fd65a36e69c42ab79d3511669560c83de0aad638a178029363aff56afe144911
SHA512

53bd09ee37297632f1d3e3bf0cd32e899a2e87287a418f6d08012ff61acab8c927db201e0fb5656195337439bd7bc1c69c747574326215f211ba688e47ce6d14
SSDEEP

49152:Ek6ufMjhnCBj5I+IOTAwj6E9vOzf6Y7Xrl8d:EkRfMN+Jibl8d

Score

10^/10

rhadamanthys discovery persistence stealer

Malware Config

Targets

- Target
  
  5af966f4b657d5d3e5d4576ffac696a2.exe
- Size
  
  3.5MB
- MD5
  
  5af966f4b657d5d3e5d4576ffac696a2
- SHA1
  
  f4ec36d2be5a7dea6f4fbbbcd16151d77facf9e7
- SHA256
  
  fd65a36e69c42ab79d3511669560c83de0aad638a178029363aff56afe144911
- SHA512
  
  53bd09ee37297632f1d3e3bf0cd32e899a2e87287a418f6d08012ff61acab8c927db201e0fb5656195337439bd7bc1c69c747574326215f211ba688e47ce6d14
- SSDEEP
  
  49152:Ek6ufMjhnCBj5I+IOTAwj6E9vOzf6Y7Xrl8d:EkRfMN+Jibl8d
Score

10^/10

rhadamanthys discovery persistence stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverypersistencestealer

behavioral2

rhadamanthysdiscoverypersistencestealer