rhadamanthys | 1cc809c0a1705cb72a2d8547a063214356e8ee155be147f56b389a29cb6fce16 | Triage

Sharing

General

Target

SecuriteInfo.com.Win32.PWSX-gen.19998.16259.exe
Size

14.7MB
Sample

240905-jjnnpswhlc
MD5

dcb295f480348248ee1ef163a5ba4df3
SHA1

afce363ab3aaea1fc7ebc8c73d5afbac8044e648
SHA256

1cc809c0a1705cb72a2d8547a063214356e8ee155be147f56b389a29cb6fce16
SHA512

4612a40ba4df3c88158013f42120ba0531b1933bed9dde4c8241a15e6745700fc764ea738dbdb507756f3f61a88730a22c1eb93ad6d49f83750732b42413dea5
SSDEEP

393216:DNApEby+tp5ZVHHBOwlmK1kIF1mrniABfmkzPn8:DNApsVB9VF3eekz/8

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.19998.16259.exe
- Size
  
  14.7MB
- MD5
  
  dcb295f480348248ee1ef163a5ba4df3
- SHA1
  
  afce363ab3aaea1fc7ebc8c73d5afbac8044e648
- SHA256
  
  1cc809c0a1705cb72a2d8547a063214356e8ee155be147f56b389a29cb6fce16
- SHA512
  
  4612a40ba4df3c88158013f42120ba0531b1933bed9dde4c8241a15e6745700fc764ea738dbdb507756f3f61a88730a22c1eb93ad6d49f83750732b42413dea5
- SSDEEP
  
  393216:DNApEby+tp5ZVHHBOwlmK1kIF1mrniABfmkzPn8:DNApsVB9VF3eekz/8
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer