rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

grewgrwegrwgerg.zip
Size

105.3MB
Sample

240926-krcrvaxgkr
MD5

2729006ef77840dcfe5c09cf65c140ae
SHA1

b4214ac9d95d1dc3c3c330b99dff2a6f29364236
SHA256

7c4d18253a31342fcc83a7f7748ba843f6ee00bff18b9204a4e9c447919fc989
SHA512

b629dfdedf5165b5e1381c9673171a7e16b3d3cd3ce8e4f29c99d0d8e1646f82f3a6de03ea314aae557a276c4bec1355ec8003189c5166e55f242899fccffa97
SSDEEP

3145728:KzOKlEsLrPj13xTycB+44cGODfPCOCrwV:KzOK97tx9+L0iOCrK

Score

10^/10

Malware Config

Targets

- Target
  
  grewgrwegrwgerg.zip
- Size
  
  105.3MB
- MD5
  
  2729006ef77840dcfe5c09cf65c140ae
- SHA1
  
  b4214ac9d95d1dc3c3c330b99dff2a6f29364236
- SHA256
  
  7c4d18253a31342fcc83a7f7748ba843f6ee00bff18b9204a4e9c447919fc989
- SHA512
  
  b629dfdedf5165b5e1381c9673171a7e16b3d3cd3ce8e4f29c99d0d8e1646f82f3a6de03ea314aae557a276c4bec1355ec8003189c5166e55f242899fccffa97
- SSDEEP
  
  3145728:KzOKlEsLrPj13xTycB+44cGODfPCOCrwV:KzOK97tx9+L0iOCrK
Score

10^/10

rhadamanthys discovery execution stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
behavioral1
- Target
  
  PDFMLotus_Lcppn.dll
- Size
  
  2.2MB
- MD5
  
  ce4e1ae47de1b7da4131f9aed713387a
- SHA1
  
  da8a4c495616c8d580dc43912e36d7add2d8d3e6
- SHA256
  
  e28e0257545b440168ffd754d50f9b7959bebb943a18838cd714615e471b7f69
- SHA512
  
  b9e3ec0a31c219aa36c42d2776e7c8271c0acb2febf116083d8eb8a7098d03cf1c87c59b449dfc4e8312f89801e7bb2dde9652f44ced94a918fdfac9f59905eb
- SSDEEP
  
  24576:1slQ7yhtTQEw01caBGwrWAC5LnJxWncBvvbY0Lqk4vnGbiG:10/whCGwqAEloO00L2vnGbiG
Score

3^/10

discovery
behavioral2
- Target
  
  PDFMLotus_PDFMLotusNotes.dll
- Size
  
  1.3MB
- MD5
  
  8d8376dd7e2dc4556352471c303922e6
- SHA1
  
  734816a7a7268a0121d7163ba028a64e50b9593d
- SHA256
  
  dd455541d1e8de26de7ef8e5a8bd647d32c713e6ac5e25edbba2dd5c4827eca4
- SHA512
  
  d6c146a2d37f285de8ecca2f17ab317daf6d37f8b2944d411e19e25105fc1828c85138bc5750ffa45fe36ffe71efa42cc4392a3872bc49e0859735ccd42b1dcb
- SSDEEP
  
  12288:eqmNZvYNIc1y1PZjIWezFRu6Klw3Djm21b93WTKls2nrqamTHaTyyt8l15ZjBKN:SZfhjIZpRkwJN9GTKHNyyWl15ZjBE
Score

3^/10

discovery
behavioral3
- Target
  
  PDFMLotus_ndbPDFML.dll
- Size
  
  105KB
- MD5
  
  447e47d2c458e7c96d88e8ef9470c5a8
- SHA1
  
  18d80e6976462db1276aa60b1f3b7d8948f96f75
- SHA256
  
  01529e6dae2852b4a0f7c915130aac9d7385c516cef0882d6c63d293b7bd5010
- SHA512
  
  d23eff8b6675924fef4e4db6ae1557345ae87a9b47ead587656e1088f6f13ad823424c0c3f8c1d16baf1bec88eef6c0711842b99f0469207f4aff6ac715db7f7
- SSDEEP
  
  3072:nnrh1QwKT7UXxFZofaMb9CJ+zx9b1uY1uChAwYSrQQY5AF:nPeUXaHbQixp1uY1uC1i/5AF
Score

3^/10

discovery
behavioral4
- Target
  
  PDFMProject.dll
- Size
  
  121KB
- MD5
  
  a3451c21e82d636b40a4034e0b7e0612
- SHA1
  
  376f2302cc4508eebb8dc7769beb8c7ec3aced09
- SHA256
  
  e5c0ae69585f0e58f5f70ea871166be4b74cd4adb662f9bb82d5d851c0a3c096
- SHA512
  
  17e7d6a41b490e7e9cf6f759b6f1bd206f2ed3b9e40a06a85f9bd9aff151303a940fe6d51aa3dfc774e235f12c708747754785918cfac3c412fbde298835fcbd
- SSDEEP
  
  3072:KWQ9T4DzEzaOg++aCJtnKGNLg2gD2tsj6BoQc1sKRdEeXt23zIPk3Ib1e427COax:KfToV8+vg2gH1sKRdEeXtTRMP7TtZ4nz
Score

3^/10

discovery
behavioral5
- Target
  
  PDFMRKEX.PS1
- Size
  
  6KB
- MD5
  
  8f1cf4abc37c97f552313333f007eca8
- SHA1
  
  08c3c6cb4fef9b78d9089491e0a2ee2fb64a6aa9
- SHA256
  
  326e8b613b14e5e8467e3c25946e4cfe9c243eb8a2b5ecf7e0dc0580da4fabd0
- SHA512
  
  dac479779a23bfde09515b010d9c5ea9fdef3f081ce44f871e49770b94e8f643f78672269f8be264a72e99344900acfa769aa2b66282bfd6d81f2dfc6d19f0e3
- SSDEEP
  
  96:2iG5bLK4rEX8Ie8O7q2a8zTQhoJhFe5QBM+CtTf4Xg/p:FGN24rW8d8O7xa8zTZNtBAfz
Score

3^/10

execution
behavioral6
- Target
  
  PDFMVisio.vsl1
- Size
  
  2.4MB
- MD5
  
  bc85f9e09a7f100283e1216c4424b025
- SHA1
  
  446e0efa7c775fc86ed0760e7ad135cc58e462de
- SHA256
  
  9b327b19e1ed875d37a5c04104ad9c4d9c6077010b71dfb23a5434665b9485be
- SHA512
  
  ccd286528e965be3bdf61d8ca07b86034c932b2b84c7499f7f2b54f806aadf800ac78e48e9e40760cee2acaee67b205b270820faed0976f16eaeda8856e4c5b9
- SSDEEP
  
  49152:IslQ9NuV4p9T5uGLeYoDQ1O+QtD9GX7eTA/TWOHnvAX:5KNuVIt5uGKjDQ1ORtD9GX72A/TWOHv
Score

3^/10

discovery
behavioral7
- Target
  
  PDFMVisio.vsl17
- Size
  
  2.4MB
- MD5
  
  bc85f9e09a7f100283e1216c4424b025
- SHA1
  
  446e0efa7c775fc86ed0760e7ad135cc58e462de
- SHA256
  
  9b327b19e1ed875d37a5c04104ad9c4d9c6077010b71dfb23a5434665b9485be
- SHA512
  
  ccd286528e965be3bdf61d8ca07b86034c932b2b84c7499f7f2b54f806aadf800ac78e48e9e40760cee2acaee67b205b270820faed0976f16eaeda8856e4c5b9
- SSDEEP
  
  49152:IslQ9NuV4p9T5uGLeYoDQ1O+QtD9GX7eTA/TWOHnvAX:5KNuVIt5uGKjDQ1ORtD9GX72A/TWOHv
Score

3^/10

discovery
behavioral8
- Target
  
  PDFMVisio.vsl2
- Size
  
  2.4MB
- MD5
  
  bc85f9e09a7f100283e1216c4424b025
- SHA1
  
  446e0efa7c775fc86ed0760e7ad135cc58e462de
- SHA256
  
  9b327b19e1ed875d37a5c04104ad9c4d9c6077010b71dfb23a5434665b9485be
- SHA512
  
  ccd286528e965be3bdf61d8ca07b86034c932b2b84c7499f7f2b54f806aadf800ac78e48e9e40760cee2acaee67b205b270820faed0976f16eaeda8856e4c5b9
- SSDEEP
  
  49152:IslQ9NuV4p9T5uGLeYoDQ1O+QtD9GX7eTA/TWOHnvAX:5KNuVIt5uGKjDQ1ORtD9GX72A/TWOHv
Score

3^/10

discovery
behavioral9
- Target
  
  PDFMVisio.vsl6
- Size
  
  2.4MB
- MD5
  
  bc85f9e09a7f100283e1216c4424b025
- SHA1
  
  446e0efa7c775fc86ed0760e7ad135cc58e462de
- SHA256
  
  9b327b19e1ed875d37a5c04104ad9c4d9c6077010b71dfb23a5434665b9485be
- SHA512
  
  ccd286528e965be3bdf61d8ca07b86034c932b2b84c7499f7f2b54f806aadf800ac78e48e9e40760cee2acaee67b205b270820faed0976f16eaeda8856e4c5b9
- SSDEEP
  
  49152:IslQ9NuV4p9T5uGLeYoDQ1O+QtD9GX7eTA/TWOHnvAX:5KNuVIt5uGKjDQ1ORtD9GX72A/TWOHv
Score

3^/10

discovery
behavioral10
- Target
  
  PaperCapture.api
- Size
  
  322KB
- MD5
  
  8e225e45468f42fa2b0115015474783e
- SHA1
  
  271260af048105373ef9edb951c58a8b3f90810b
- SHA256
  
  b2700c346336e533ed6726b87ed058ffeee501c1369bb12500ffb9d540b9d2ec
- SHA512
  
  03a49639757033968c78e7b47a1daea2d07402b1369b78790fda9a0de53401a9de49d5ee457c49c9e382d8510c8a1f2d105085a780a3dcec291883cff2038580
- SSDEEP
  
  6144:m7NVPbu+7RAkW3WQY9OV+13/bv4zTiU7o49gslBJ8/fhdcUTr:m7NVPbu/OQY9OVVFp9HlBJQpJ
Score

1^/10
behavioral11
- Target
  
  RUNFILEX.PS1
- Size
  
  1KB
- MD5
  
  1682b94c4a15ce3467f8eed8790e102a
- SHA1
  
  0d56e6dea2eb188ad9525aa7793670cbe02ff91f
- SHA256
  
  5cf97ff6f192b26286adb7deab9e59a51b26e4c82a530013179124d15a914d4d
- SHA512
  
  c17cc3781075794eb0bbb9d07d6618d7a0a81c395f5998c8cf4302b4e84d0ae40aca8e1db0fd2a8e7e93a8ec80692173c27a129fcb23a44fa908e03b3368ca42
Score

3^/10

execution
behavioral12
- Target
  
  SelectPageRange.ocx
- Size
  
  162KB
- MD5
  
  9d11ba410b4946b04966554be6973191
- SHA1
  
  dad726c86dca4d023cd094ddd833ab299fa6dff4
- SHA256
  
  92edae0bdd7967b32951d0b64aa6fc4070b4e0f383afacb82f978835da1e6b7a
- SHA512
  
  17bf0a786428ad9ea141b4a03b47b3bc0d7b54c7c2b3f27b0f1ce6784972dd51424a6c18585f86ba0ac69ac2504a3fbba43777086e8e5fff1ebb5a6f483a1786
- SSDEEP
  
  3072:UmYH9GpsCQ9hxfdH8C81FXHifw/Xqa2jr0XSGpoz39dNB:Uwy1mC8rKRRGOzXNB
Score

3^/10

discovery
behavioral13
- Target
  
  acrobatacadic.arx
- Size
  
  411KB
- MD5
  
  1d9ccd6dfad37222cb48d5bff5494755
- SHA1
  
  ea9b48cfb869e614f5d756b8eab7bb47906b5615
- SHA256
  
  ce84025314b93b36066e703902106e6e9b07aa797436a6fb178564ead961839a
- SHA512
  
  73214576170d1e23138a2406b9f29b49b51d1924852093f1c36f1655c299aec13079ab692dcc1246dc6a13b5523b22a1648dffdce2279e26043cc9564fa4b4b5
- SSDEEP
  
  6144:781P/CYNhUv54zzQQ/tuetkrFizZ9+c6c2mO3N2gdYEQg:7SFNhqetuetaFA+jc2XxL
Score

1^/10
behavioral14
- Target
  
  acrobatacadic.arx1
- Size
  
  411KB
- MD5
  
  c8635c4cf00417384bc1fce6854001c3
- SHA1
  
  b668a031210f8c7175dabcc7b7cfbff7d65ae0db
- SHA256
  
  fb3f1e2760021be403ece8de6fdeca8ecf8b6b1520ff0631e0d78f4bf1012f1a
- SHA512
  
  84f429c937e99b113f8ec8c00253d432d7b5ad2b5dfd81b04755eb437fed685386d17d62a6f00480e1b57a5ab5b6125638fad82ad7e6d86070ab3d0056a4b8de
- SSDEEP
  
  12288:VLGgXK0QMbuD/BvW8WXctI2Cd8MwyBqY0DO:VamLaU8WMtI2Cd8MwyBq/
Score

1^/10
behavioral15
- Target
  
  acrobatacadic.arx11
- Size
  
  360KB
- MD5
  
  3e5ec233da4c120f9d59d1925d07416e
- SHA1
  
  80ba0f47450aec603bf8485083095879ba75ab55
- SHA256
  
  0e3e01ef90e96dbf4fde88acd087f9b821ca0e540b99883ff177150176c3b6f3
- SHA512
  
  1112a94e492e36221389fdff6e6b98345a78e608800d746310f963c312ec3307b889aa96321b2edb356f41ddfd380dc5e3130e200a9c6ee14bd67f5a9181ece9
- SSDEEP
  
  6144:vYQK9DFYS4joFUkGas6VmhgeE5eNeDPnzSrd1h25gtf:wQEBm3A2pdYPnMr
Score

1^/10
behavioral16
- Target
  
  acrobatacadic.arx3
- Size
  
  407KB
- MD5
  
  0691ba19072715979f424fe2181687d0
- SHA1
  
  ea5285476c65dddfcfb8c0ca5a34589c4d393b27
- SHA256
  
  f2118c8c8192d87134f30d5f8edd8f91d8e2dabe03e014bf6ebbb2e6f4c906e4
- SHA512
  
  e7ff8c0e0ac1b6c749edc42ab872d2698296beec1ae3f869084089e870dfb8abcbdf1257f580afab52d1260d6f60b269152e2dbe2416cb2d9bfe5d7cd8c26017
- SSDEEP
  
  6144:7Ofe88ibExH0B3wP/aJUgau9XGUWjYKb/G2DrvM7anOFUp3RI0P9/7JDWOlF/mdS:KFEx83wPSJ59XHib+Crn0o
Score

1^/10
behavioral17
- Target
  
  acrobatacadic.arx4
- Size
  
  407KB
- MD5
  
  2681daac80ed3dbca9177d543457bc82
- SHA1
  
  931fdd9bfe5b74a5431df19bcfaf66ceb22bc2ce
- SHA256
  
  ad130985dc4441e84d84106dbea131b232152b1ee5d2f4ee0c14e37fae8caa0e
- SHA512
  
  2418248d5385e7138ce73428e4b3846636288c980758b8d1c80467b4903ae3059bad8c7c031ce579ba592a16a41979d76da33bcd63d820b0592acc8528d08c3a
- SSDEEP
  
  6144:7Qfe88ibExH0B3wP/aJUgbu9XGUWjYKb/G2DAvM7anOFUp3RI0PP/7JDWOlw/IdO:wFEx83wPSJS9XHib+CAVJE
Score

1^/10
behavioral18
- Target
  
  acrobatacadic.dbx
- Size
  
  1011KB
- MD5
  
  5e785d03b3c31f922283373d5624da6c
- SHA1
  
  7751416c491a97a644c9baa90aeb255f64082bf0
- SHA256
  
  bc5494c07d6c759e31b0a5325038d33d79083ddc6af6d1437c8f74d2a52ec9ff
- SHA512
  
  34383fabcf298dab4e92893ccbc3e5c6d7bbacd7476a10fe75c0aa46ee0e2c2f5e659d4b57ce5dffa2471c2fd9d9b27b58c44670ccb252bc0573c22e75e6ace8
- SSDEEP
  
  12288:jYmwisZte5+21uJhibCE68Ou+O/MhLyJw52Sd/Wsbn5/:kmwisZte5+21ud5hLH55/WG5/
Score

1^/10
behavioral19
- Target
  
  acrobatacadic.dbx1
- Size
  
  1.2MB
- MD5
  
  1e8d86fd91a881c42066a3f172e34566
- SHA1
  
  d572a2c7fdf1090ccb61b766126a19860203fbbe
- SHA256
  
  03a2625bf272ef925f2326ea8382025e7a0975e8aa962d1fec927f8e42289509
- SHA512
  
  cf9acd107dd14dd8f7185115cf9b3cecf73574f2c16e27b6d998473e35de2be3866a4b033c693a52e7a1b0105891c714ff7f59a5233c20a4b91b542ca1a21547
- SSDEEP
  
  12288:QhhQL1WCGPOAgkI7B1lbweX/ayp5xRG35Ivq1AvOgJvAIS3:QhhQL1WCGPngBL9Xy6XRC5EGgJk3
Score

1^/10
behavioral20
- Target
  
  acrobatacadic.dbx11
- Size
  
  1.1MB
- MD5
  
  67798dae7b5125369e6e2f5cfc6c4990
- SHA1
  
  1693b6c7eeb68f5bbdb853c12f2840a9e8405caa
- SHA256
  
  4e20966f2da6bc142543adac058833da83f036cbb126349a0b32db5a8c1f2665
- SHA512
  
  0aaaf1a63bcf8a9c558ef3ca4f67f9b14517bc79dc8d01cd584edbf4d0209d31800beb0faf047f9601d61947ab825b1ed927311bb6b9d98757935adb654c7c27
- SSDEEP
  
  6144:aigqLgiaYpzdhEt1pwzrQT+dqNNHMYBQkeY4bDW9UtawBzsAZm2bdhaSthzeed9a:aigqLNf/y8EFUtZJd9vLI58Os373xk
Score

1^/10
behavioral21
- Target
  
  acrobatacadic.dbx3
- Size
  
  1016KB
- MD5
  
  8776a7a8b45444a745f6aa441b8f89c3
- SHA1
  
  1ea7a0366729cd9fc78579d3eb464d6570f6af27
- SHA256
  
  1cd96f75b0a5b4d48637d41b1def136ec5a18e31e63f53b6fc55740f4a5738f1
- SHA512
  
  723f7714fd891dfca12ac07b52bdb76a3dc23d08148de74f5312995f848333f478f17d896168eac0da98c101daa1754bc059582629b1793ff74ab5120f68cc61
- SSDEEP
  
  12288:qEpfay/2UCpGeb5RkwP6WtXGOus+oYCAZpV5NHaHwX:qEpfay/2UCI45XP6NObYCw52
Score

1^/10
behavioral22
- Target
  
  acrobatacadic.dbx4
- Size
  
  1016KB
- MD5
  
  a95fe70e898180e979546b280cdcf4d2
- SHA1
  
  572259ccfd20b06132e21c6f31106c385d4b0dfe
- SHA256
  
  fc1e32848c0aa0f7b5047868c277f892b3918289992871c861493188b7d964de
- SHA512
  
  53eda00e6199dddf24303b78527ef182935fb490e0cd9ccab9394d957842fe0e37bc696b0791a524d45dc32560e056cfade9945939d78265696e93eca51cd6d1
- SSDEEP
  
  12288:0Elu3bdt5ceRQuHemZAHLMKezVmkju/I6AW+M5r3SuX:0Elu3bdt5ceRLHXiHezVAQ6N5ri
Score

1^/10
behavioral23
- Target
  
  acrobatacadicribbon.dll
- Size
  
  31KB
- MD5
  
  908dd1bbd7759aa0bce2e853a73f95d3
- SHA1
  
  0291233a51a27747513b60038bcb7981fb572843
- SHA256
  
  7e6db88e785ab6004058773b8d56310e91dd8f7dad8c75914ad9757b98db17d8
- SHA512
  
  f80822f2f5e1a6dc81c55ae06cec5bd1b854530be7ab60bed27332c676d56e38971cc3e44cd518820442d59d118f8e430857ad7911263c5362bf1507c5cf22b6
- SSDEEP
  
  384:c5923yED9YMm5lLBSUYRNKhOb4gVLlgckixJ9/npqk5gZsHLcR31fhbg:ceiED9bm5lLBARNUlS9Ppt5RQJh0
Score

1^/10
behavioral24
- Target
  
  acrobatacadicribbon.dll1
- Size
  
  31KB
- MD5
  
  d05094ff96f416a6b993b146e26644ba
- SHA1
  
  51968858afeb985c4ce3b980e717590561c5e960
- SHA256
  
  046b1a4df2af44c9819c7e14618574dd1dbbe93c622ebd62efa217ee3f1c2b2a
- SHA512
  
  762a7e2dbbb1eaae2fc13af2b10b2bf622f16ad81e8ae36fc41a9c5ff1c81abf08dcca5636e74b671a1f5d4615991159aed0056e47007f206c3514b2d5c728d3
- SSDEEP
  
  384:CeZM5lzBSUYQN1hOb4g8xEXgckix9X/npqk5gZsHLoRqhn:CD5lzBAQNjvtUXPpt5Rsqhn
Score

1^/10
behavioral25
- Target
  
  acrobatacadicribbon.dll11
- Size
  
  31KB
- MD5
  
  39c03818234812d5a1eead7227cb5d07
- SHA1
  
  597eb252945c9998f6ffbe57ff526aee81af3d69
- SHA256
  
  d4d056040a3c9d0c749edaf7f113332456f5c30524c3b7279eba998f1559bf65
- SHA512
  
  8e919f643c83ddb7a041a3228161f7fdb4364f014c8e7ea9ad6bdadf7f877de6a60ea4834a19da02c98c2f705648abab79a323ad2be653e747a4d644863ccf11
- SSDEEP
  
  384:5eZX5lzBSUYQNI2hOb4g8Lmgckix9N/npqk5gZsHLoReV5hRj:5I5lzBAQNBlUNPpt5RseV5hJ
Score

1^/10
behavioral26
- Target
  
  acrobatacadicribbon.dll3
- Size
  
  31KB
- MD5
  
  a43527db20b1e7f2a848a4869b2a1f97
- SHA1
  
  a923ecdd42258cf54c8b251799283849e7935bf9
- SHA256
  
  eec31ee18c4197e80bc6965d91c8febcf9eba7634df8f7f46819dce87e64c9eb
- SHA512
  
  42e63f7bc44e276c7bc1bbd3477cdf64294c4ce00c0c08b0a55369cd2ef2ee206caea96bc18a1f3fa449ba287e26e5423ba88ddfd330a557a151c43fc9368980
- SSDEEP
  
  384:i592XyED9Y825lrBSUYRNYhOb4gvo1gckixZK/npqk5gZsHLcR+fShTI:ieCED9z25lrBARNGU6KPpt5RQdhM
Score

1^/10
behavioral27
- Target
  
  acrobatacadicribbon.dll4
- Size
  
  31KB
- MD5
  
  1678d5476705274457e2d473ac63746a
- SHA1
  
  52eaa3f6e3d8a9cffeef11f998baa13eb586315b
- SHA256
  
  cbe4f2b1f040a4cc9f610c9b07f024484ce83ae91242e191669612c24b3f8a66
- SHA512
  
  97b185438b9c3e2492f33b0c384c837a46238c9339fe4d0e5c990d568f1be202f0a197dbf0f6af494cf456eb554d581886fa7be5a2db03ba372df8a9f288835a
- SSDEEP
  
  384:4592XyED9Y8r5lrBSUYRNchOb4gv+cwgckixZc/npqk5gZsHLoRlohz:4eCED9zr5lrBARNy46cPpt5RsShz
Score

1^/10
behavioral28
- Target
  
  acroiefavclient.dll
- Size
  
  315KB
- MD5
  
  a18fc1885b20c9cf35e6acf7ea2455f6
- SHA1
  
  3729826fbd57f0855b4388f6385f7eabbe2b0f77
- SHA256
  
  5f05d58efe2f80c2ad8d6ccddf960039b9cf7c00b35910b49f9117f7b4b81c1a
- SHA512
  
  ac52c73a7c8f93f59e0e53e54e694ffe6f57c1f90d7d082fc92ad1d4223c8e1216a1b7714f53eda462209eaf3973b4e2a9904560953e47d8f1b47ebb047b4f5c
- SSDEEP
  
  6144:4rxfnVEOtHIhbMMVzqz+wBC8JnNY2HXiLs4XA2D6X4GjrYeORUTHP:GfVl95MVzazNNUXXA2D6X4GjrYeORUTv
Score

3^/10

discovery
behavioral29
- Target
  
  acroiefavclient.dll64
- Size
  
  347KB
- MD5
  
  4d35c8b107e4f9cd69d9acda8d7e5b1d
- SHA1
  
  6083cf1aa4f24290b0282ea135935e74f7ce4ea8
- SHA256
  
  2ac85b0ac7007147fb6dcb6adc6b0152d428cd2736927fa4f28ff297d0e49db9
- SHA512
  
  573e33298a8311d22b148d0b9813780e561ba5353b102862b40b4be662a24e82ebeda63645c64e0f5720bb40bc38dd9944feea205b58e6c098a10f47b906945a
- SSDEEP
  
  6144:dY+T4Elxe452IVsY0Btoe++KdhG8KbJSP22FX82D6X4GjrYU1:Gk52CsY0BtErd+uX82D6X4GjrYS
Score

1^/10
behavioral30
- Target
  
  acroiefavstub.dll
- Size
  
  146KB
- MD5
  
  0fa736eb66d39091d104eb4e543eebd6
- SHA1
  
  35cd26d4ab15fcdbda0adaf7dbcadf7fb1d25ff5
- SHA256
  
  544bc7638fa46f8a4f4f5b9888cf1828be82e3c8e9340a7a702905736887a9f3
- SHA512
  
  98edf4fe7cc4908aecc24fc111e899b94f351f3a6fb32d26017e141caf12a7b98698572b72ee9d3d2ac650f4085be5a2ebdf9812e22854d31971f8a1c357e23f
- SSDEEP
  
  3072:bRpbGi4NGR6XdikCy0+eSH6GGD2KaPkZaIweqwgdD2N48l:/ai4QsBJuyKaPeaIweqG28l
Score

3^/10

discovery
behavioral31
- Target
  
  launcher.exe
- Size
  
  35.9MB
- MD5
  
  d4eca6136281d617dcfac5bae3349e70
- SHA1
  
  c6941cd9df4f7db4bdf6bd163869016a2520d644
- SHA256
  
  0777bba437bc66725d3e00f17810a1dee973fef63808d3d14aa046503a5589a6
- SHA512
  
  a17b7bc6985304008649b8b6a009f675b3570e14a39e0073ea6cd00dca5ffecc0acedcc67f9c250e35b09d3c941540e74b338795f1cff12172c137d525afeb8a
- SSDEEP
  
  393216:i1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfF:iMguj8Q4Vfv1qFTrYuz
Score

10^/10

rhadamanthys discovery execution stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32