rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

Solara.zip
Size

11.4MB
Sample

240829-wpnbcawcmp
MD5

6aceff5f2f960a504898c91e2c13f907
SHA1

4dfe9afc90bf8f1bf726b1f0be8e5120a8f390d6
SHA256

1584752709b6b0c5cd83ed8d075a29915abadd32ffdd7c8974f45bb45e7aac40
SHA512

079807d02985c5261548654f7318f6fb67ba78c790e9fdc3a77c1c02ba673fc56b30a70a55b40c8a824467e5d36d35c7fc39c76f739328a244b51137caf9f448
SSDEEP

196608:+HWmlHe7xXtMZnwxG4wmtzfS33gnvfAe48WQ17bUGlgriBrxhNT/g3dbkHU5DBhn:+H7gx90ywmq3gvGQ1HUPri1xktbsUjV

Score

10^/10

Malware Config

Extracted

Family

rhadamanthys

https://144.76.133.166:8034/5502b8a765a7d7349/k5851jfq.guti6

Targets

- Target
  
  Solara.zip
- Size
  
  11.4MB
- MD5
  
  6aceff5f2f960a504898c91e2c13f907
- SHA1
  
  4dfe9afc90bf8f1bf726b1f0be8e5120a8f390d6
- SHA256
  
  1584752709b6b0c5cd83ed8d075a29915abadd32ffdd7c8974f45bb45e7aac40
- SHA512
  
  079807d02985c5261548654f7318f6fb67ba78c790e9fdc3a77c1c02ba673fc56b30a70a55b40c8a824467e5d36d35c7fc39c76f739328a244b51137caf9f448
- SSDEEP
  
  196608:+HWmlHe7xXtMZnwxG4wmtzfS33gnvfAe48WQ17bUGlgriBrxhNT/g3dbkHU5DBhn:+H7gx90ywmq3gvGQ1HUPri1xktbsUjV
Score

1^/10
behavioral1
- Target
  
  Password - github.txt
- Size
  
  17B
- MD5
  
  37681049ce7c84867108bfb4216689be
- SHA1
  
  f95e814713dfe83170513a6014aec373c9c0d006
- SHA256
  
  4ae8508642027b5e5373a40b38da75c2a36ee3e99f693650c0803168533dbbc7
- SHA512
  
  0b46362b0ae7afd192dee66e0fac2f213f2d93603adf9c2325eef23a22076f7eeccb2515313660881ebba1058fa5762f51eab143fb92c0c7e05b103a52d1b9fc
Score

3^/10
behavioral2
- Target
  
  Solara/Debug/Addition.dll
- Size
  
  30KB
- MD5
  
  f22e849a370cdf127f48beab596bdd81
- SHA1
  
  fb1da47c7a246f2cda7f7686a468efafd9933b1e
- SHA256
  
  8be1f5581437b6f5ba48705e8956c8bc0765bbd1d6053242640c75bd94048aa9
- SHA512
  
  6ded81fe4d4db69586d74fdb425c4fc8c092508e7e0b49eb141a9045abf40626d14659fa6237a3920e58571ca7acf4911cdf03c4307fd89b6dc5e54172afbc14
- SSDEEP
  
  768:Fol18SuOO3bBAughXjNPQsXVjWuu7jqWdTS2gS:er6tAugVjN4sXJYjqWdm2V
Score

1^/10
behavioral3
- Target
  
  Solara/Debug/Autoupdater.ini
- Size
  
  5KB
- MD5
  
  f78b8f3d265b4e9a706ed0aae70bdf9c
- SHA1
  
  6d73ad3954fd8fda80911071efca1910fd2d0a3d
- SHA256
  
  dcae62d049c4dd496effab6f02220bc270c6c098ebb55a5a6e55fbafad2974d2
- SHA512
  
  c44887c08d1239969aaf9934921f1a7341b87faded169136fcc0539d62de3104ecec0e3ac7a28eb3135cb449f58310b49f868963b64b920210d1c55104e7e7cb
- SSDEEP
  
  48:K3Px9Vz69T0oXIGXTWGXsP9JEX98TNx9P8k9zZ8G958d8lx9Vz69T0oXIGXTWGXe:FvTlEGvTlUOy
Score

3^/10
behavioral4
- Target
  
  Solara/Debug/DebugPPF.tmp
- Size
  
  11KB
- MD5
  
  b1e68fabd5c19aaa21de6351554aae2e
- SHA1
  
  66e7cf5d041a6ed9252ee4f6104ec0abb57d60b8
- SHA256
  
  63909409d9c79950289701c4a58605ea7fcd30703163fce0b4ac81204f0b3cca
- SHA512
  
  6e080f64d583e29a503282022ba587eb88903e2cf2bf943f9f9849fedf7f25dbfdeb02fae2803f03acf18b7a2bb37be1a1834e3b5ef7ef9098cfb0ee80a410dd
- SSDEEP
  
  192:fXBY6p0nsAXXOZfZz2zgJNGayrKy8pJErK7EuKr3eEohK11pS:PcnFneZz2zE/+rK7EuJ6S
Score

3^/10
behavioral5
- Target
  
  Solara/Debug/DebugPPT.tmp
- Size
  
  11KB
- MD5
  
  4969578a5fd8d113ab7783812849c1ed
- SHA1
  
  580f84362a74337b2ed25bd58700e9a002e51bc9
- SHA256
  
  9f2b02ba814c2975a7b6ed5aa03345046a9c9d3036481a8a109b132a951e82a0
- SHA512
  
  49dc150be750ff0a5b03fbe384debcc136d6dad513fa1c6284469de8e8aed1b865b2bd8271937030818094bcc5358dde6e146e3c784dd88fa9681a84c7a557ef
- SSDEEP
  
  192:W7F8knwe/KZztz2XFuUpcWOEai+S7UeAJo9pDWhuDyG/WE8cHtENQmfsB:WNn1y1p2XMUpcWb+qUerShuDl+8HerfQ
Score

3^/10
behavioral6
- Target
  
  Solara/Debug/Helper.dll
- Size
  
  189B
- MD5
  
  9bb9aba5dd893bbccfa45e2d75d55d26
- SHA1
  
  5714796513341ac3159a6a3c23d4769209063d35
- SHA256
  
  6b325cadd8992d998c4fbc8ed56079c2850b68ea2d38432d51c26ce82b0a5419
- SHA512
  
  f57df9a4a02bd17772acb3ac1a0d961c53f6940600b58834ae38c198a98ae651a21b382450b267aeffbca4ab262668ae471a78ed99bf9dfa414c1316056a289b
Score

1^/10
behavioral7
- Target
  
  Solara/Debug/Management.log
- Size
  
  8KB
- MD5
  
  ff765d6581fe6568aaae19de239b2e7a
- SHA1
  
  78b09b0ce2e59ce87f65251ea903842c1c77046a
- SHA256
  
  4dd051de9b04902fc59d411b1c27c42007cacca4ea52e88d71c897cad1d990cc
- SHA512
  
  8fa7c766fc1ac48408d964eb9844f9c4a2fb3e33357e736230024788ec71cb3c338397e16f8e556bbcaafd83c58f3af6a55ceaa9daff290b0e687093e5c97a2e
- SSDEEP
  
  192:+jfkNaok8wITITp8dNOgNH34lxeDKOgWNh0ctcoAd8dq5XrOGB3Wr:UkNaz8wWWp8dMA34lbLsq5Xqq3a
Score

3^/10
behavioral8
- Target
  
  Solara/Debug/Resource.dll
- Size
  
  10.7MB
- MD5
  
  641dadbb3f03938da99bf7c6c4cc482f
- SHA1
  
  b21bdb69a17642ade8e62fcbd779ff1bc89ea809
- SHA256
  
  883aefb081a1f9ef974ceb16e12c215e92fee13531c052279404bd11b2f8e479
- SHA512
  
  7aea5f0db9b261a17801124d6eef0df2d3ada4a6f624c8f4f2ee519a61171a3f06de9032493e3309a1a982fd1218613dde73a942942df2a8ec367e7f66a531f5
- SSDEEP
  
  196608:8B4DNtjVoWhIdAXplnpnh4uIKZ2K245peMKU3lRM9RVIO+QvSNG2uM+XGE4:04vWGIun1GKZ/2aZKU3lRvO+QvQgGP
Score

1^/10
behavioral9
- Target
  
  Solara/Debug/main.ini
- Size
  
  4KB
- MD5
  
  d2e799c6b2467a0a4aeb0cba508e8a30
- SHA1
  
  349e50e830cca26b03a0e32bac1f9045a72eb406
- SHA256
  
  d3d79eda930253d1ad388f60a56775f7d6bff80ce5a4e07c812d7d338fc93593
- SHA512
  
  f1d14875a6379b450eb5dc2513a1791ec65a6fb237db94a74621c70ca5d579428b7cded35ce3bece884faaabca4f0705de73fb5cc8b2d60be995b2be66cb20c2
- SSDEEP
  
  96:38acVNxLPdLB3fhvKSEnQRkB6Ip1ImmoM:38xxzd93fASEnNIy1ImmoM
Score

3^/10
behavioral10
- Target
  
  Solara/Debug/ukm_db
- Size
  
  96KB
- MD5
  
  98472e91a63229be8bf542ef28c56111
- SHA1
  
  65c3b300e972704246294d1b822d01a0eba36349
- SHA256
  
  502483b0d0d9ba2d0c50565c296cb685c9098cded6ffeb74f924eca85af11443
- SHA512
  
  424e7ebb1a8d97da12fffec76a4dbaa47b1bbb83974e2099a05cd89b7f9256f05439c3f63162bbb70deda86405afc9ee5a8952c428ded13f33c77d6676b4898c
- SSDEEP
  
  1536:ABvhM6JBRI3kYiZYVGVuA5F0tjogInznsHK+WtuRTvWXNZ1VMUP9H:SvhVBR2kYiNVuA5WjogInzMWtuRTvWXP
Score

1^/10
behavioral11
- Target
  
  Solara/Packaged/Main.ini
- Size
  
  1KB
- MD5
  
  7b53ebd64e5781e02eaefb6739a6b556
- SHA1
  
  d5332b200cf5dcea0419afdb66a15d89b9eb619f
- SHA256
  
  b975c9251ef7394dcc69f49e54dc5aa5e8df32f9b5e8c687484ddd840eb94d20
- SHA512
  
  c4a25c07e19760547e91818ba6e9ec3fe89206c29429668731c7563b7407cb56d8c0adca519bf96dc82a1631e82cfe63b68439cad4102ea2a1df438bac8400fd
Score

1^/10
behavioral12
- Target
  
  Solara/Packaged/Resource.dll
- Size
  
  189B
- MD5
  
  4427aeee68321d0f4d7befa74e669f83
- SHA1
  
  4670003762a1c217c9e8ea48fcc53f2871a7c341
- SHA256
  
  a9661f89b8d957f4e71cbe1ba0342a39e5b50a1d80d974e2e1b349a273967f1b
- SHA512
  
  9d9156aa8fdebf19363fed2edb82235642c8c20549369470e44fdc0db41324e2160968fd7dd43eecce1ce3da9c03dd05cdefc8d903a9d0394f5ca9a73f5c5fa3
Score

1^/10
behavioral13
- Target
  
  Solara/Packaged/Utils.dll
- Size
  
  1KB
- MD5
  
  73e051427246dd4ca45935b1a4bd7e2d
- SHA1
  
  7216f05041252f1c3a9d84aacdf84ef62f1a1045
- SHA256
  
  b7b8b412ab1e4f32da8a7cd42aeaa6e7d8d340cf14977d3e87f7d8f5eb689b0f
- SHA512
  
  3fc10dea91962244389214d189c141466f5630e99b01af5761738ce884df14050cd08a43802dc45bbe9117290c34143b85a75694b6301954b51972180dca1e36
Score

1^/10
behavioral14
- Target
  
  Solara/Solara.exe
- Size
  
  433KB
- MD5
  
  511f208e7b396defb7dce554e5d43ea4
- SHA1
  
  890ab67abca71bd4785204cede30a39d5a168aef
- SHA256
  
  cb6b38f445f334599088702569ed9c9d4b0a54c7c88097a16ec6e58055517a3c
- SHA512
  
  32b4cdbc0c5b4205e0ec02a38dc5b6086b35388ec76aadfc6565497c2466bca1e4ecc601a581856078c77719131e6c19e867e59c038605e3a430dfc1e8f13ecd
- SSDEEP
  
  12288:CCouY2+3Q1uRGysHZR0Ea6uatj8vxn8DDXOSb:vc1Q1pj5eEa6uS8ZnWX
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of SetThreadContext
behavioral15
- Target
  
  Solara/accessibilitycpl.dll
- Size
  
  274KB
- MD5
  
  f316026e08074300cbdcd8453bfd3116
- SHA1
  
  c7494558e98e42930b83349ea816963147242fba
- SHA256
  
  a28ef80b49f85f95f929d5c40245b05f95d58bb672764c3539ce69098db9bcc2
- SHA512
  
  cb205111f99cdd4ab930644dfc910f82015175c452be330dcdbee3cff3a07234bf6e77c5967a33fb02ec0bdd993b96b19964160a5511dcfa684a77508aede047
- SSDEEP
  
  6144:2f/fsr6htcMmmdxeAXXDoDGNIPTympgJp3P:O/fsr6hCtUxeLymW
Score

1^/10
behavioral16
- Target
  
  Solara/buffed/chidedOcurred.xml
- Size
  
  14KB
- MD5
  
  2cc7542482d486c23aa4fa8d77163776
- SHA1
  
  5ac932e3532023a113230c0a426eaa6d2b51284b
- SHA256
  
  0e4bf326bbd329a90a8a04e755d6c2f1f6f26d67b8db3295a4e15561b7b1707d
- SHA512
  
  df555bff92cabdd529088aa2071e9a4a4b5b766ed0b3183048ca46e769bd88101e4f5870dc699769f1b4383c591e73ad952adfc3c2c38256120b57ccdc387f52
- SSDEEP
  
  384:4wuVphEutg7Rv/6Qb+QsxcUUIVInnkuRQuM8:crh1+7Pb3sxfkn9QuM8
Score

1^/10
behavioral17
- Target
  
  Solara/buffed/decineSatoriiCoppy.xml
- Size
  
  582B
- MD5
  
  de41de7278a4d6a19ddd7ccb9463f1c1
- SHA1
  
  1f2211da3b4767b562cd2d5f41363420691f337f
- SHA256
  
  2ce025a1cfb9f7708815d2f1c3a4cc4478930432f7a5f7b9b5adc61f8868f8b4
- SHA512
  
  2ccd2950be7ab79035eeb6e7f28cbc4730cbaaf1abc6bdb0e038848a373e49aade573bdbf9cd86a1af46a63b16d9f5fa3cb931d73366b77fff0934e44c46b2d8
Score

1^/10
behavioral18
- Target
  
  Solara/buffed/ecocide.xml
- Size
  
  12KB
- MD5
  
  ffb38dd23c3fc65fe3511aba0f723ec0
- SHA1
  
  a08666efa05a191f8a72ed3900cf5928e8191f60
- SHA256
  
  d4df2b4bcd5d34a626bd042776f320da16845c7c7ba0c6dfacde7f46624bfac6
- SHA512
  
  3e62ce31ba74ecd9700d691506aeaac91aa03c8654fdf370efefb87dec7545a4e5d7dcac6b381112cb15eabca79365bbfd892b6200f9b085f702eaf765731d70
- SSDEEP
  
  192:pEiB6XDG609j48uHT+YLpRx4UD/KjmLmNKOMgvsiNXPC1r6aUN6NjkPaHSXs:Ki658uZxtpNO51NXG6kxkPaHSXs
Score

1^/10
behavioral19
- Target
  
  Solara/buffed/gheddaOptimal.xml
- Size
  
  7KB
- MD5
  
  06d269ff4d7e22a6dbf54191bf7c4f54
- SHA1
  
  05fc3d31bf4d1f4b67742a205f1b607a8e6e527c
- SHA256
  
  06c2e9fdaf092549ec926bffb21ba09a4d3284c4804f1fa56e9e69d0bf714086
- SHA512
  
  e46b346017d2cead918c019ea14c3a46b1566da7a1cb67fa1d913daccd4dbbdffe4687bd5a9300d25018fc2de32ff5430c4e3ac6ff15818715119f0ec194d820
- SSDEEP
  
  192:u+bj9Ijj5OhySOIQj8oNexPtaxTQAaCUe:5jgj5OkSOIQZeraZ
Score

1^/10
behavioral20
- Target
  
  Solara/buffed/pickup.xml
- Size
  
  4KB
- MD5
  
  a9f2f9f7d288d187c42f4897f8787889
- SHA1
  
  2a643f4e1a214d62b4965dd33481714838b3f2d1
- SHA256
  
  b482104f25fc6c5484d75e543a986eb8ace6104dfa809c8cad04726bbfb8f7a3
- SHA512
  
  5354f6538dba4181798bc16c3d42b793194e7a60ce2734672d0f9609b213b62f4665eb452be9f29a69baafd02e92bdc2cf213ff9fb1427f34a7f3033a6032588
- SSDEEP
  
  96:YTylIv7LQJc+DU9+UFKSp8gogh98f8YIVpmDAA4+sRlhQ8Iuk7:BlIDLQVDU9NF0wSDAjRo8IH
Score

1^/10
behavioral21
- Target
  
  Solara/buffed/pictaviSina.xml
- Size
  
  292B
- MD5
  
  2655ec9266ba5d7ab41dedae186c2ac1
- SHA1
  
  0ebc5b783416bbfb90e71ac40a6c2d0026fd523f
- SHA256
  
  7da1206a59098a4a0b2259faea8949744db3259758dd17319af35d724bca4889
- SHA512
  
  1d5bf4feef3d0db72d4b8d8e620df954207725ce77b786345d745c5470c85e4bb6810e929e7cfe38bc755e6de50771b0ff21df9392bd8e6fdd46e9cc3b35af26
Score

1^/10
behavioral22
- Target
  
  Solara/oleprn.dll
- Size
  
  148KB
- MD5
  
  e0f375597c9bc2d444be3dc6a65f06e9
- SHA1
  
  11589152b702675bb211054020e33f2659c34842
- SHA256
  
  3e595c971729c2eb7879b6ce468d11e286ea98fa8c1abf93abbc5888542013d0
- SHA512
  
  0299035f227cf1285d1f149c5e67805d1f8c78469fd6fefdbc4616b3f555f7f52c8addc0dc004ce9971223a48892ce0ecee316e4d5dd6583a02093b7d8d866c0
- SSDEEP
  
  3072:DcSblOUyLB7OCm6U0FRwOyu3tkdwdxyDhkpN0Fc:Dc+8UyLBOmrwOyVOl
Score

1^/10
behavioral23
- Target
  
  Solara/wwancfg.dll
- Size
  
  103KB
- MD5
  
  997b0b584ffab0b7ff9cbbfc60d60bd2
- SHA1
  
  2985c0144da0e9f5dcc0092ac54a5ff99a63f761
- SHA256
  
  c4b1f99e87b4568b5b9ff2ded05cebc55376051d44877f5574f2c125566ce604
- SHA512
  
  b77553b7a2f5a55ad4dfa49f241961ddce650dd490f0b15b52dfc3c7018e2ba7d28f8387e150177ea3cf12c827afa7a2b7b9eec863199a829a11311bd9607b69
- SSDEEP
  
  1536:IGYSem4xUPfgSD0B7+Kcdo5j0XNijwb8Pxsr8jtlelXLZpFtBH0:xYcpPfgSDWa3dJU88pNpUlXVXjH
Score

1^/10
behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24