rhadamanthys | ea08a3b22d711a703d4932a3f0fb693d6faadbd6ad5d87ec7938784c36fb553a | Triage

Sharing

General

Target

ea08a3b22d711a703d4932a3f0fb693d6faadbd6ad5d87ec7938784c36fb553a.exe
Size

3.9MB
Sample

240907-b882yazamf
MD5

46cf6b1946429c912fe569ce4b5e8a10
SHA1

d7e0240a1a4d021800ccc9ace9fdb310ffa63052
SHA256

ea08a3b22d711a703d4932a3f0fb693d6faadbd6ad5d87ec7938784c36fb553a
SHA512

29a1f0c35f6d8beaa3941c120d01b255933edc7b4b7c6f21267ce19d2678ee868ade3e2c1e476704a22acfc0a13b627c755ad474eb960a17cd7725665adeeacf
SSDEEP

98304:sfUbmfIe1hxCTvblT3gbG3WfaWLUMxSZNOWfhL:sfUyzSTBgyGslhL

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://89.117.152.231:443/e0bd9c1f4515facb49/gj28n35o.2n73x

Targets

- Target
  
  ea08a3b22d711a703d4932a3f0fb693d6faadbd6ad5d87ec7938784c36fb553a.exe
- Size
  
  3.9MB
- MD5
  
  46cf6b1946429c912fe569ce4b5e8a10
- SHA1
  
  d7e0240a1a4d021800ccc9ace9fdb310ffa63052
- SHA256
  
  ea08a3b22d711a703d4932a3f0fb693d6faadbd6ad5d87ec7938784c36fb553a
- SHA512
  
  29a1f0c35f6d8beaa3941c120d01b255933edc7b4b7c6f21267ce19d2678ee868ade3e2c1e476704a22acfc0a13b627c755ad474eb960a17cd7725665adeeacf
- SSDEEP
  
  98304:sfUbmfIe1hxCTvblT3gbG3WfaWLUMxSZNOWfhL:sfUyzSTBgyGslhL
Score

10^/10

discovery rhadamanthys stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rhadamanthysdiscoverystealer