rhadamanthys | 6d3cb7a3b8e5a1ca0288c225b8bf2a3d741f05fe1d8f3954d5e36ce13ce99355 | Triage

Sharing

General

Target

module.exe
Size

5.1MB
Sample

240915-zklhqssdmr
MD5

12d8c8c95c59e45b98b2a107575b0169
SHA1

8a179831a9a5da9a64888702be744a0e837adfc3
SHA256

6d3cb7a3b8e5a1ca0288c225b8bf2a3d741f05fe1d8f3954d5e36ce13ce99355
SHA512

9b253516f3034a65232b97e58817c24ca4a0b73bf1bc141d5903a645a499cbd97c8f263a1704d54fb88998258d12a5da683090102c7dbaf1b1d98f71de9c6b6b
SSDEEP

98304:BVzQ9Vn0SYsWvZITBRT+ELshiuAg5GnR4yZ3/iDOkdxkddactnTALndAiXl4L:B0Vn0SpgZ+BRT+EDuALnpaDrd6dounTk

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Targets

- Target
  
  module.exe
- Size
  
  5.1MB
- MD5
  
  12d8c8c95c59e45b98b2a107575b0169
- SHA1
  
  8a179831a9a5da9a64888702be744a0e837adfc3
- SHA256
  
  6d3cb7a3b8e5a1ca0288c225b8bf2a3d741f05fe1d8f3954d5e36ce13ce99355
- SHA512
  
  9b253516f3034a65232b97e58817c24ca4a0b73bf1bc141d5903a645a499cbd97c8f263a1704d54fb88998258d12a5da683090102c7dbaf1b1d98f71de9c6b6b
- SSDEEP
  
  98304:BVzQ9Vn0SYsWvZITBRT+ELshiuAg5GnR4yZ3/iDOkdxkddactnTALndAiXl4L:B0Vn0SpgZ+BRT+EDuALnpaDrd6dounTk
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer