rhadamanthys | b0475c86a0677c43ccc49de3ad6cfba66b6eb79968b162f8e7ca95f0e57def07 | Triage

Sharing

General

Target

OyunAktivatoru.zip
Size

12.4MB
Sample

240903-w9sfsstbrq
MD5

c48f446cbe37f0f6049f9cace05f570f
SHA1

04fc2f38666c1e31f36021eda5b2c6c9645bc8e1
SHA256

b0475c86a0677c43ccc49de3ad6cfba66b6eb79968b162f8e7ca95f0e57def07
SHA512

0dbd3048aec5083fae02588f94ea5cc2a3768d898395c04a43c008e68a5a6e8c4203f670dc40b270a35d68697815e06cc5ecaa437f4498f2d074892dd040ddca
SSDEEP

393216:qokjJJgoPLNzWEIs0HJI++Pxh9YNr10+AWD+5+VZ:TSJgoPLNzWi0Z07yG6

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://154.216.18.122:2013/fb9e53a2cacd52/o1vqrk0b.8e15q

Targets

- Target
  
  Start.exe
- Size
  
  678KB
- MD5
  
  fd57b4457b9c453bf563559c53b9071b
- SHA1
  
  08eb3a76af5c337b73f50efe5a27c43b68edce88
- SHA256
  
  995bf2a06730050f99f6e5ff53d641e1e98f022e7d7c376d91d65959aa79a70e
- SHA512
  
  ba9518440625fef53101440c976951b5c8e2b07f946a975da77b8a7ab2cbfc795cd20a264f61ff1fc4a7c0b77ea9b75ed8a9c9e69b9d22ae65d10163a510c5a7
- SSDEEP
  
  12288:PoZ5cyP2UluWW7hvraWyE/7bQGLnkQzeD6lHCMfm7HUb3s9a40:PoHhP2YW7hzak7bQ8HCM+4QI40
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral1 behavioral2
- Target
  
  d3d11.dll
- Size
  
  2.9MB
- MD5
  
  d73e40d1616efedfcb2f88fbeb71fe3e
- SHA1
  
  280d5175bbb781169a008e7774263690582839d1
- SHA256
  
  15ca730b2120f0fd45b9321ebb0e4ee3df31fffa8ea8df82c35de423b531eb3b
- SHA512
  
  34b2c2166755dfba13ee5d2d5830d6b008a36ecba59b9b09650276de6771135bbecec743bb9a88b5a061a046f000ae83238f2b1c005e5776aaf68f433bd3607f
- SSDEEP
  
  49152:8DtuAfOHvpxrG9tvIXm8P8D1CPwDv3uFfJVqhqLC6J0oxe13Tg:Stuugvps9yXm8ED1CPwDv3uFfJVqh+Fm
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  modules/x64/d3d/d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  a7349236212b0e5cec2978f2cfa49a1a
- SHA1
  
  5abb08949162fd1985b89ffad40aaf5fc769017e
- SHA256
  
  a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082
- SHA512
  
  c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02
- SSDEEP
  
  49152:FCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvpiD0N+YEzI4og/RfzHLeHTRhFRNS:EG2QCwmHXnog/pzHAo/A2L
Score

1^/10
behavioral5
- Target
  
  modules/x64/d3d/d3dcompiler_48.dll
- Size
  
  4.7MB
- MD5
  
  a7349236212b0e5cec2978f2cfa49a1a
- SHA1
  
  5abb08949162fd1985b89ffad40aaf5fc769017e
- SHA256
  
  a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082
- SHA512
  
  c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02
- SSDEEP
  
  49152:FCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvpiD0N+YEzI4og/RfzHLeHTRhFRNS:EG2QCwmHXnog/pzHAo/A2L
Score

1^/10
behavioral6
- Target
  
  modules/x64/dbgeng.dll
- Size
  
  6.7MB
- MD5
  
  93abed9f387b31e2ed7e4466c984858f
- SHA1
  
  89747c5cce5ce1bf6c241f3cfabd169177b912b9
- SHA256
  
  7627f411b5aaf5ee7135e29160d6d08ac3c5f7d52071d789aa6bcd294c65981c
- SHA512
  
  9b48d841ee8940d36edc2d6ae1b7443b746ab6e3e30715452993cbfa24156b616d0bda317a6918a47faa05f08501979427e443c8334935643933142b3839fb0f
- SSDEEP
  
  49152:mT8zpne8gDJHRJN7tQkTvf70mXeG+wOeJGwFUM6RzFxD77FXDMrEiL3KXkCPQTf8:VOgJs6+fQdf5sX5+qZ9MQN
Score

1^/10
behavioral7
- Target
  
  modules/x86/d3d/d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  a7349236212b0e5cec2978f2cfa49a1a
- SHA1
  
  5abb08949162fd1985b89ffad40aaf5fc769017e
- SHA256
  
  a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082
- SHA512
  
  c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02
- SSDEEP
  
  49152:FCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvpiD0N+YEzI4og/RfzHLeHTRhFRNS:EG2QCwmHXnog/pzHAo/A2L
Score

1^/10
behavioral8
- Target
  
  modules/x86/d3d/d3dcompiler_48.dll
- Size
  
  4.7MB
- MD5
  
  a7349236212b0e5cec2978f2cfa49a1a
- SHA1
  
  5abb08949162fd1985b89ffad40aaf5fc769017e
- SHA256
  
  a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082
- SHA512
  
  c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02
- SSDEEP
  
  49152:FCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvpiD0N+YEzI4og/RfzHLeHTRhFRNS:EG2QCwmHXnog/pzHAo/A2L
Score

1^/10
behavioral9
- Target
  
  modules/x86/dbgeng.dll
- Size
  
  6.7MB
- MD5
  
  93abed9f387b31e2ed7e4466c984858f
- SHA1
  
  89747c5cce5ce1bf6c241f3cfabd169177b912b9
- SHA256
  
  7627f411b5aaf5ee7135e29160d6d08ac3c5f7d52071d789aa6bcd294c65981c
- SHA512
  
  9b48d841ee8940d36edc2d6ae1b7443b746ab6e3e30715452993cbfa24156b616d0bda317a6918a47faa05f08501979427e443c8334935643933142b3839fb0f
- SSDEEP
  
  49152:mT8zpne8gDJHRJN7tQkTvf70mXeG+wOeJGwFUM6RzFxD77FXDMrEiL3KXkCPQTf8:VOgJs6+fQdf5sX5+qZ9MQN
Score

1^/10
behavioral10

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10