rhadamanthys | e637c03a7336a66aa36a68f34cefa959ec63132a72e84c3efe52ccb86e4a666b | Triage

Sharing

General

Target

r
Size

1.1MB
Sample

240923-zhg3jazfjp
MD5

77cf2336defde85457746d0daf89046c
SHA1

42487cec3eb28b02f5e4142a813fae62cc3f0017
SHA256

e637c03a7336a66aa36a68f34cefa959ec63132a72e84c3efe52ccb86e4a666b
SHA512

c8317a063116ec96e1020b929280dc5c4c9907885277df05d44504e564a7b719f219890269029a3faab44908d205109083f674fcd7e6d578072dcb6c9b903e4c
SSDEEP

24576:0ZYmfphQybXGiL0yE3Xd0P/Z63iIYEr1z64WwOaPgz+SxoR:0SmbGiLhEtrBu41Oaoz+Sxw

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://217.197.107.204:443/e0bd9c1f4515facb49/gj28n35o.2n73x

Targets

- Target
  
  r
- Size
  
  1.1MB
- MD5
  
  77cf2336defde85457746d0daf89046c
- SHA1
  
  42487cec3eb28b02f5e4142a813fae62cc3f0017
- SHA256
  
  e637c03a7336a66aa36a68f34cefa959ec63132a72e84c3efe52ccb86e4a666b
- SHA512
  
  c8317a063116ec96e1020b929280dc5c4c9907885277df05d44504e564a7b719f219890269029a3faab44908d205109083f674fcd7e6d578072dcb6c9b903e4c
- SSDEEP
  
  24576:0ZYmfphQybXGiL0yE3Xd0P/Z63iIYEr1z64WwOaPgz+SxoR:0SmbGiLhEtrBu41Oaoz+Sxw
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer