rhadamanthys | f0fdacf36c7b831b9fc142a87b30f78102890791de309ac1046a12f30473a728 | Triage

Submit
Reports

Overview

overview

Static

static

1

link.txt

windows11-21h2-x64

Sharing

General

Target

link.txt
Size

20B
Sample

240923-v11kdayanb
MD5

76c9d029aef0ec75fcb3ac8a247d5a3d
SHA1

302c59ceceefa9ce234aa5fb932411da8f7c4098
SHA256

f0fdacf36c7b831b9fc142a87b30f78102890791de309ac1046a12f30473a728
SHA512

b8c5bff79717729da1ce04decd2138ba7a26c80332005608013e80d1e14b7869686e97a8c160aad8a4da1c8954084ece30a71237347061de94a8732c7dbf7e05

Score

10^/10

rhadamanthys discovery evasion execution stealer themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

link.txt

Resource

win11-20240802-en

rhadamanthys discovery evasion execution stealer themida trojan

windows11-21h2-x64

24 signatures

300 seconds

Malware Config

Targets

- Target
  
  link.txt
- Size
  
  20B
- MD5
  
  76c9d029aef0ec75fcb3ac8a247d5a3d
- SHA1
  
  302c59ceceefa9ce234aa5fb932411da8f7c4098
- SHA256
  
  f0fdacf36c7b831b9fc142a87b30f78102890791de309ac1046a12f30473a728
- SHA512
  
  b8c5bff79717729da1ce04decd2138ba7a26c80332005608013e80d1e14b7869686e97a8c160aad8a4da1c8954084ece30a71237347061de94a8732c7dbf7e05
Score

10^/10

rhadamanthys discovery evasion execution stealer themida trojan
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoveryevasionexecutionstealerthemidatrojan

© 2018-2024

Terms | Privacy