rhadamanthys | d56a6d41ab8dd698a4ed4290f7bc49e49cef37704bcc947104e5c7dc33db8c13 | Triage

Sharing

General

Target

d56a6d41ab8dd698a4ed4290f7bc49e49cef37704bcc947104e5c7dc33db8c13
Size

2.3MB
Sample

240902-eyy1rssema
MD5

672f29720fb46e90d4b620c5bd157a08
SHA1

548bcc11ed9cb4160bb07f2d0e0eee644e6fc488
SHA256

d56a6d41ab8dd698a4ed4290f7bc49e49cef37704bcc947104e5c7dc33db8c13
SHA512

05cbe3a4c05d4459a9d74ddf1aaea1875985fc6447505d03891cec1669668a9d1f859bc9aebed37f69d8168f9ee4bd1500dd30fa12e2fae4a2c641a2777fe8b0
SSDEEP

49152:RE1wVQ0HzeFuJxPaZOYqgXg7Cn5BJlT+Qr/nafL+bllS4sm7Gj/ebr:REw5Mu3IOYqgjB6bsGjmH

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Targets

- Target
  
  d56a6d41ab8dd698a4ed4290f7bc49e49cef37704bcc947104e5c7dc33db8c13
- Size
  
  2.3MB
- MD5
  
  672f29720fb46e90d4b620c5bd157a08
- SHA1
  
  548bcc11ed9cb4160bb07f2d0e0eee644e6fc488
- SHA256
  
  d56a6d41ab8dd698a4ed4290f7bc49e49cef37704bcc947104e5c7dc33db8c13
- SHA512
  
  05cbe3a4c05d4459a9d74ddf1aaea1875985fc6447505d03891cec1669668a9d1f859bc9aebed37f69d8168f9ee4bd1500dd30fa12e2fae4a2c641a2777fe8b0
- SSDEEP
  
  49152:RE1wVQ0HzeFuJxPaZOYqgXg7Cn5BJlT+Qr/nafL+bllS4sm7Gj/ebr:REw5Mu3IOYqgjB6bsGjmH
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer