rhadamanthys | c6f78c3a4bd9ddc918702468f97cf894fe54dafcb6b082820784265b21a83852 | Triage

Resubmissions

04-09-2024 22:11

240904-139tqaxdnr 10

04-09-2024 17:23

240904-vygdqatgjl 10

Sharing

General

Target

c6f78c3a4bd9ddc918702468f97cf894fe54dafcb6b082820784265b21a83852
Size

433KB
Sample

240904-139tqaxdnr
MD5

fe4513b354aeb41ccf528545a6d202d7
SHA1

f481c697b2b82d2d47b54b579c73ff0c6375b0db
SHA256

c6f78c3a4bd9ddc918702468f97cf894fe54dafcb6b082820784265b21a83852
SHA512

1ef0a0f33a84f04a87a3f4a5a3f97a7bfe436c34be35bcc39ebd9e88a421efb66682ef7338a5e581787735567c720a64863a78490c6c6608e1d4d18317795536
SSDEEP

12288:1kcsgNKBMAeaEV/XhCWGPhJGgYxeE8DHYO1pT:1vsgNKBMy8/sWxedD91p

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://144.76.133.166:8034/5502b8a765a7d7349/ln5f9d9o.td86b

Targets

- Target
  
  c6f78c3a4bd9ddc918702468f97cf894fe54dafcb6b082820784265b21a83852
- Size
  
  433KB
- MD5
  
  fe4513b354aeb41ccf528545a6d202d7
- SHA1
  
  f481c697b2b82d2d47b54b579c73ff0c6375b0db
- SHA256
  
  c6f78c3a4bd9ddc918702468f97cf894fe54dafcb6b082820784265b21a83852
- SHA512
  
  1ef0a0f33a84f04a87a3f4a5a3f97a7bfe436c34be35bcc39ebd9e88a421efb66682ef7338a5e581787735567c720a64863a78490c6c6608e1d4d18317795536
- SSDEEP
  
  12288:1kcsgNKBMAeaEV/XhCWGPhJGgYxeE8DHYO1pT:1vsgNKBMy8/sWxedD91p
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer