rhadamanthys | 0d9ee9b2c72c983eb0c90851a353b5ca9f2a66e70453c822916c3c4464aeaab8 | Triage

Sharing

General

Target

2024-09-13_8baf3220e481a325efed9bd618f10447_hijackloader_icedid_rhadamanthys
Size

11.5MB
Sample

240913-f6ykmswgqk
MD5

8baf3220e481a325efed9bd618f10447
SHA1

a1a4a63248d1205f2d8ae1f07a525d0eadf58703
SHA256

0d9ee9b2c72c983eb0c90851a353b5ca9f2a66e70453c822916c3c4464aeaab8
SHA512

7e72a783e89fb5d20044fcee5cba6d39fe37555ffa5ab69f91174d9e0cb55e43e266f04c06d3946b9d0ef997b6d42e4548598988b1ea68e2800cda17bb5f66fb
SSDEEP

98304:869vCwEN4gdnXFBArESMUeRBeNUSxXG+tZ5440m9ss0UvUaE:fxwlDArESLeRBeqSxXG+t040esspvUa

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Targets

- Target
  
  2024-09-13_8baf3220e481a325efed9bd618f10447_hijackloader_icedid_rhadamanthys
- Size
  
  11.5MB
- MD5
  
  8baf3220e481a325efed9bd618f10447
- SHA1
  
  a1a4a63248d1205f2d8ae1f07a525d0eadf58703
- SHA256
  
  0d9ee9b2c72c983eb0c90851a353b5ca9f2a66e70453c822916c3c4464aeaab8
- SHA512
  
  7e72a783e89fb5d20044fcee5cba6d39fe37555ffa5ab69f91174d9e0cb55e43e266f04c06d3946b9d0ef997b6d42e4548598988b1ea68e2800cda17bb5f66fb
- SSDEEP
  
  98304:869vCwEN4gdnXFBArESMUeRBeNUSxXG+tZ5440m9ss0UvUaE:fxwlDArESLeRBeqSxXG+t040esspvUa
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer