rhadamanthys

General

Target

84fa854d9295a49125aaa8faeb5f5a75f7d133dbbfb4831430e20d5d3dc417ac.exe
Size

13.8MB
Sample

240830-b182zasenp
MD5

6ea2b5143078d89828fbcb105b90a693
SHA1

dbfe2845b56a4eaa60015dc001162c3023158d21
SHA256

84fa854d9295a49125aaa8faeb5f5a75f7d133dbbfb4831430e20d5d3dc417ac
SHA512

bffbbfb1c62d3ebadc3977d591c052d54289bc4b4348afe7c0096f9d1b709461fb66f3c8ede5a29670847b344364d1b33651807c83ab8f8c2c6f0f9f27e34f47
SSDEEP

393216:saawEVI99NrEPFn6JdXG1w2fIVtRGpFI0+mdkO0pGYIg:saGaPce218VtRG7vTkO0cM

Score

10^/10

Malware Config

Extracted

Family

rhadamanthys

C2

https://147.45.47.72/9fcc2685c3ccafd/bkqam9uj.vgdc6

Targets

- Target
  
  84fa854d9295a49125aaa8faeb5f5a75f7d133dbbfb4831430e20d5d3dc417ac.exe
- Size
  
  13.8MB
- MD5
  
  6ea2b5143078d89828fbcb105b90a693
- SHA1
  
  dbfe2845b56a4eaa60015dc001162c3023158d21
- SHA256
  
  84fa854d9295a49125aaa8faeb5f5a75f7d133dbbfb4831430e20d5d3dc417ac
- SHA512
  
  bffbbfb1c62d3ebadc3977d591c052d54289bc4b4348afe7c0096f9d1b709461fb66f3c8ede5a29670847b344364d1b33651807c83ab8f8c2c6f0f9f27e34f47
- SSDEEP
  
  393216:saawEVI99NrEPFn6JdXG1w2fIVtRGpFI0+mdkO0pGYIg:saGaPce218VtRG7vTkO0cM
Score

10^/10

rhadamanthys discovery evasion execution persistence stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  ⌚/stepao.exe
- Size
  
  423KB
- MD5
  
  7313e7456fbaf0d2554570c77897abf1
- SHA1
  
  850e156c7b58ab4b7ae5eedc0c8a396d33930d3d
- SHA256
  
  2fc82bf903409c53ed2b488b7920be9df0c60835d12bb21c45c27384e4a1ff38
- SHA512
  
  62cdd0914b5c150f615c2f7e56e5f106308387d9ef4d045a54e4f32280d6abbfefb1ace4ad7123881e437567df5566ff0c872555df913d534ebf43c56c8d6cd0
- SSDEEP
  
  6144:YAYM3ZEWqf/qwPF7LR5W8ZJ74zmRiOFBbMh9q/JSl3ChNeK06iiRzmi0F9:YWBqf/qq3R5W8ZB4zmRzbaYsViRUF9
Score

1^/10
behavioral3 behavioral4
- Target
  
  ⌚/withrobot.exe
- Size
  
  14.8MB
- MD5
  
  02071fe1b9c8d6ade8dafa0a71600503
- SHA1
  
  5b547e72386e43c291bceea5b7d0e8f51469cd3c
- SHA256
  
  00c32e90c14f9c866a30256c8499e753397c7385e4a3fbcdc86515b9ee563faf
- SHA512
  
  1c4b1c1cb788f08dea954b795d4e0bbd7c028aa5655ce23af805243d06d1c96ef687b0788343182c1d0307e9c76088e4d53e4506e5a4f8d1707001e6549b487a
- SSDEEP
  
  393216:9kmzxXRKFz5EKqq7EBCuE/FFicGW8bBekvN:97xXRKFdlP9ijbBvv
Score

1^/10
behavioral5 behavioral6