rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

CCleaner_Pro.zip
Size

31.2MB
Sample

241003-sfw1cavdne
MD5

d9e89548a203c6cea819e6d654c13c9f
SHA1

623ff72abf56b71f79b6978846c4605e4f064910
SHA256

91d2a52f3ccc94057ef09bff7a5591271aef63f04029c48b7a28cd7240e601b6
SHA512

7fb3974dece415b68f49f10a65e2d5f270e883509cd5119bf5679086adb3991262228f7fe50325014556a096328de56caaa3d21da47cf686e4a7b6acd2f9d3e1
SSDEEP

786432:8EUrpJpScjZUDNA9rtQy8RW6E4AYTIHjLwO9loKc95:8EUrrp7jZwNgiFBEBYmPwO9lodP

Score

10^/10

Malware Config

Targets

- Target
  
  Launcher.dll
- Size
  
  2KB
- MD5
  
  32e7556ff4f5256d15e1fc843cee5e3d
- SHA1
  
  b7283061428e9ca741c26dcfc3e869e2fc699f0b
- SHA256
  
  b2f5dfcba2018e9b4314c245f6391783bd3717fe02fec3e6edf1b9d1a3801278
- SHA512
  
  d39ca3fd8edb7db7e19655ea3aa69d8b0a4008514ed356808b59f7cdf4c109b7efd0ed54f6ea099d37b33f107f234adc4f01a178c90961e88d3c9ed7a8ebe40e
Score

1^/10
behavioral1 behavioral2
- Target
  
  Launcher.exe
- Size
  
  364KB
- MD5
  
  93fde4e38a84c83af842f73b176ab8dc
- SHA1
  
  e8c55cc160a0a94e404f544b22e38511b9d71da8
- SHA256
  
  fb07af2aead3bdf360f555fc872191e43c2f0acbfc9258435f9a30afe272ba03
- SHA512
  
  48720aebe2158b8a58fc3431c2e6f68271fbade51303ad9cb5b0493efaec6053ff0c19a898841ef7c57a3c4d042ac8e7157fb3dc79593c1dfcdcf88e1469fdec
- SSDEEP
  
  6144:MpS9kEFKbITUvR8cy8dzQ7Lcf3Si96sfO+2RZrTql9unNrkYqliwrqH1JWP6f:Mp8KLBzQ7Lcf3SiQs2FTTql9unNrkvT2
Score

10^/10

rhadamanthys discovery execution persistence stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
- Adds Run key to start application
  persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  data/appInfo/services/Launhcer.dll
- Size
  
  2KB
- MD5
  
  7de0541eb96ba31067b4c58d9399693b
- SHA1
  
  a105216391bd53fa0c8f6aa23953030d0c0f9244
- SHA256
  
  934f75c8443d6379abdc380477a87ef6531d0429de8d8f31cd6b62f55a978f6e
- SHA512
  
  e5ffa3bfd19b4d69c8b4db0aabaf835810b8b8cccd7bc400c7ba90ef5f5ebd745c2619c9a3e83aa6b628d9cf765510c471a2ff8cb6aa5ad4cf3f7826f6ae84a3
Score

1^/10
behavioral5 behavioral6
- Target
  
  data/appInfo/services/Launhcer.exe
- Size
  
  364KB
- MD5
  
  e5c00b0bc45281666afd14eef04252b2
- SHA1
  
  3b6eecf8250e88169976a5f866d15c60ee66b758
- SHA256
  
  542e2ebbded3ef0c43551fb56ce44d4dbb36a507c2a801c0815c79d9f5e0f903
- SHA512
  
  2bacd4e1c584565dfd5e06e492b0122860bfc3b0cc1543e6baded490535309834e0d5bb760f65dbfb19a9bb0beddb27a216c605bbed828810a480c8cd1fba387
- SSDEEP
  
  6144:+pS9kEFKbITUvR8cy8dzQ7Lcf3Si96sfO+2RZrTql9unNrkYql6wrEJWPYg:+p8KLBzQ7Lcf3SiQs2FTTql9unNrkv75
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  data/appInfo/services/WinRAR.exe
- Size
  
  2.1MB
- MD5
  
  f59f4f7bea12dd7c8d44f0a717c21c8e
- SHA1
  
  17629ccb3bd555b72a4432876145707613100b3e
- SHA256
  
  f150b01c1cbc540c880dc00d812bcca1a8abe1166233227d621408f3e75b57d4
- SHA512
  
  44811f9a5f2917ccd56a7f894157fa305b749ca04903eeaeca493864742e459e0ce640c01c804c266283ce8c3e147c8e6b6cfd6c5cb717e2a374e92c32a63b2c
- SSDEEP
  
  49152:2oJAPtSHWxwJWzkDVkwg5NYUzNjteyUHBdH3y005:2ZAHWSxkfNNte9BpCN
Score

4^/10

discovery persistence
behavioral10 behavioral9
- Target
  
  data/appInfo/services/data/Launcher.dll
- Size
  
  4KB
- MD5
  
  81c37a299ffaca00d04ba285c11fbef4
- SHA1
  
  a48a395894d9c9f64a8c6b7bb614b23554dc2de7
- SHA256
  
  55376b4b920acc1ccf1971e51e855d059eb65c7e684d49d0142d01937ae97d8d
- SHA512
  
  60ed30599986e6b4e923e765ff2518b3467276897382bdd0699513a36e005c2e9c73f0067153f39a5189f3e0ca39fbd0b41f73d9dc014b464bb7d759957edff3
Score

1^/10
behavioral11 behavioral12
- Target
  
  data/appInfo/services/data/Launcher.exe
- Size
  
  364KB
- MD5
  
  93fde4e38a84c83af842f73b176ab8dc
- SHA1
  
  e8c55cc160a0a94e404f544b22e38511b9d71da8
- SHA256
  
  fb07af2aead3bdf360f555fc872191e43c2f0acbfc9258435f9a30afe272ba03
- SHA512
  
  48720aebe2158b8a58fc3431c2e6f68271fbade51303ad9cb5b0493efaec6053ff0c19a898841ef7c57a3c4d042ac8e7157fb3dc79593c1dfcdcf88e1469fdec
- SSDEEP
  
  6144:MpS9kEFKbITUvR8cy8dzQ7Lcf3Si96sfO+2RZrTql9unNrkYqliwrqH1JWP6f:Mp8KLBzQ7Lcf3SiQs2FTTql9unNrkvT2
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14