rhadamanthys | 8d5a7124097323dc0f569a95eebc185fe456fa19bdc6186cf99ee858ab557941 | Triage

Sharing

General

Target

1temp694.exe
Size

1.2MB
Sample

240901-1gfzhsscrp
MD5

3dee5861e10fa13a29d0ef0593b5be77
SHA1

a6cb12aeefca226adf4a1c223254171ad7a9890d
SHA256

8d5a7124097323dc0f569a95eebc185fe456fa19bdc6186cf99ee858ab557941
SHA512

26b1a59c56dbb36a584494de9096c5d3196771e985458b1ee3a4458b25f0ce5fab12ea4849f0c42afdeb42d10c2916120e5a264aadd5dd2b9d7fe89838c2be29
SSDEEP

24576:cWy4GRhwybnWS70ykL7v3N0P/Z63i44ErocTnvQRr0VMfVCzfS/GBjoe:cy2LWS7hk9LUcTyr06fVefS/MjD

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://193.188.20.191:443/e0bd9c1f4515facb49/eehcla05.c4ft8

Targets

- Target
  
  1temp694.exe
- Size
  
  1.2MB
- MD5
  
  3dee5861e10fa13a29d0ef0593b5be77
- SHA1
  
  a6cb12aeefca226adf4a1c223254171ad7a9890d
- SHA256
  
  8d5a7124097323dc0f569a95eebc185fe456fa19bdc6186cf99ee858ab557941
- SHA512
  
  26b1a59c56dbb36a584494de9096c5d3196771e985458b1ee3a4458b25f0ce5fab12ea4849f0c42afdeb42d10c2916120e5a264aadd5dd2b9d7fe89838c2be29
- SSDEEP
  
  24576:cWy4GRhwybnWS70ykL7v3N0P/Z63i44ErocTnvQRr0VMfVCzfS/GBjoe:cy2LWS7hk9LUcTyr06fVefS/MjD
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer