rhadamanthys | 4ac85f0efb434a89240a3c978f564e827976fdf0da14cbb5af9cdc931ab8994a | Triage

Sharing

General

Target

4ac85f0efb434a89240a3c978f564e827976fdf0da14cbb5af9cdc931ab8994aN
Size

5.5MB
Sample

241002-rn847s1arq
MD5

aa8e8c3357b85d7fd70a8be957565eb0
SHA1

e4c316308d13eb6526159d9f6c47fcbbd76abe23
SHA256

4ac85f0efb434a89240a3c978f564e827976fdf0da14cbb5af9cdc931ab8994a
SHA512

a2253dd97f28fd14a8de9f1d6e9acb731707e0af7dd62760d66cd39fe9c7b5ae7177fd8ba06d8a5e48be4dda3938840c2e3abe22ac52b2a4c2f3c7c944b5f249
SSDEEP

98304:L6WUz+vUp6vdQDFUJ0t3an8NEaC+H89yM1dXLoarPDgIFZoP7cJcL4BM2s7DLubu:eWNcp6vdODt3a8OaC+H7YFPfDZoPgOL9

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://95.216.91.91:1614/a184ab61761639/o7mcufhd.54f7i

Targets

- Target
  
  4ac85f0efb434a89240a3c978f564e827976fdf0da14cbb5af9cdc931ab8994aN
- Size
  
  5.5MB
- MD5
  
  aa8e8c3357b85d7fd70a8be957565eb0
- SHA1
  
  e4c316308d13eb6526159d9f6c47fcbbd76abe23
- SHA256
  
  4ac85f0efb434a89240a3c978f564e827976fdf0da14cbb5af9cdc931ab8994a
- SHA512
  
  a2253dd97f28fd14a8de9f1d6e9acb731707e0af7dd62760d66cd39fe9c7b5ae7177fd8ba06d8a5e48be4dda3938840c2e3abe22ac52b2a4c2f3c7c944b5f249
- SSDEEP
  
  98304:L6WUz+vUp6vdQDFUJ0t3an8NEaC+H89yM1dXLoarPDgIFZoP7cJcL4BM2s7DLubu:eWNcp6vdODt3a8OaC+H7YFPfDZoPgOL9
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer