rhadamanthys | 6c4028b4b5e8f71dc6bc723555067a597705290a7fee617cfb215ae642741d7e | Triage

Sharing

General

Target

Setup.exe
Size

62.8MB
Sample

240908-cqxfvs1gqc
MD5

ff52e7b7b467b809e1a1f9dabbdbc932
SHA1

7ea421f32351d3e23a83140870ef0e544657bf08
SHA256

6c4028b4b5e8f71dc6bc723555067a597705290a7fee617cfb215ae642741d7e
SHA512

372f41006ad989735a8ae2b93d376b27f4f4986f8cc1a131ab3ff932a1fd47395bc1c1c4129524fb343f8afb752f3dd386c76a8cf6d79597469ffe2cdaaac797
SSDEEP

1572864:2WhYWhYWhYWhYWhYWhYWhYWhYWhYWhYWhYWh:2WhYWhYWhYWhYWhYWhYWhYWhYWhYWhYM

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://185.184.26.10:4928/e4eb12414c95175ccfd/TestDomain

Targets

- Target
  
  Setup.exe
- Size
  
  62.8MB
- MD5
  
  ff52e7b7b467b809e1a1f9dabbdbc932
- SHA1
  
  7ea421f32351d3e23a83140870ef0e544657bf08
- SHA256
  
  6c4028b4b5e8f71dc6bc723555067a597705290a7fee617cfb215ae642741d7e
- SHA512
  
  372f41006ad989735a8ae2b93d376b27f4f4986f8cc1a131ab3ff932a1fd47395bc1c1c4129524fb343f8afb752f3dd386c76a8cf6d79597469ffe2cdaaac797
- SSDEEP
  
  1572864:2WhYWhYWhYWhYWhYWhYWhYWhYWhYWhYWhYWh:2WhYWhYWhYWhYWhYWhYWhYWhYWhYWhYM
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer