rhadamanthys | b9536929d0de9b4a18e7646f2ecf59aad20f93092e982be91d20143d599e6c22 | Triage

Sharing

General

Target

Solara.exe
Size

6.2MB
Sample

240830-ktrc1sxaql
MD5

da26c67d857555aeef4f2580e53d7c6d
SHA1

fc39f8e1987aa7d8553b052b789a7e6b0d24a68a
SHA256

b9536929d0de9b4a18e7646f2ecf59aad20f93092e982be91d20143d599e6c22
SHA512

115ff4890967b3a00bf2e192d9e2d8717bc7525bab995ca5db7c5c7d2be6a81888ae9687f51d04d053371088e553381a7844a82433240022bccbc44b319df75d
SSDEEP

98304:yyjZJD+ddKUmXQ+ZQaJOV20y89y8dfWwl+ZILeXLel:yEZJD+Xe7ZQaIE0jzWwlXebel

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://144.76.133.166:8034/5502b8a765a7d7349/k5851jfq.guti6

Targets

- Target
  
  Solara.exe
- Size
  
  6.2MB
- MD5
  
  da26c67d857555aeef4f2580e53d7c6d
- SHA1
  
  fc39f8e1987aa7d8553b052b789a7e6b0d24a68a
- SHA256
  
  b9536929d0de9b4a18e7646f2ecf59aad20f93092e982be91d20143d599e6c22
- SHA512
  
  115ff4890967b3a00bf2e192d9e2d8717bc7525bab995ca5db7c5c7d2be6a81888ae9687f51d04d053371088e553381a7844a82433240022bccbc44b319df75d
- SSDEEP
  
  98304:yyjZJD+ddKUmXQ+ZQaJOV20y89y8dfWwl+ZILeXLel:yEZJD+Xe7ZQaIE0jzWwlXebel
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer