rhadamanthys | 876feac850e9030e3aff1b7bd69f85a613d21661e9350b7fa10dd263a61724fe | Triage

Sharing

General

Target

msvcp110.dll
Size

652KB
Sample

241003-r2zspatfnh
MD5

536bc1eadab8af8f052544cfcd5150ec
SHA1

ff3c9ee18e0e6f3f3a7b04e6c4c210d0adf29232
SHA256

876feac850e9030e3aff1b7bd69f85a613d21661e9350b7fa10dd263a61724fe
SHA512

33eae31cee1dd47e490111c7cd2fc0871e69b5a42fb24d807aa52b65ca9a6e457028ff8bea1ca2115a05f4ff99dd2c6c8075e3267d19b62b15087b437ca09d6c
SSDEEP

12288:vgQY+jL8MsthpNREymEG26+hbE64VJuzl8vr4JHdi7:vy5thpNRFxXblE67mX7

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://135.181.4.162:2423/97e9fc994198e76/9dq0b1sl.pbl6a

Targets

- Target
  
  msvcp110.dll
- Size
  
  652KB
- MD5
  
  536bc1eadab8af8f052544cfcd5150ec
- SHA1
  
  ff3c9ee18e0e6f3f3a7b04e6c4c210d0adf29232
- SHA256
  
  876feac850e9030e3aff1b7bd69f85a613d21661e9350b7fa10dd263a61724fe
- SHA512
  
  33eae31cee1dd47e490111c7cd2fc0871e69b5a42fb24d807aa52b65ca9a6e457028ff8bea1ca2115a05f4ff99dd2c6c8075e3267d19b62b15087b437ca09d6c
- SSDEEP
  
  12288:vgQY+jL8MsthpNREymEG26+hbE64VJuzl8vr4JHdi7:vy5thpNRFxXblE67mX7
Score

10^/10

discovery rhadamanthys stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rhadamanthysdiscoverystealer