rhadamanthys | 11892dbe32cebd618deb6dc36477829ef9fb8181d7ec887408f44c08bb5f675b | Triage

Sharing

General

Target

Oxfvbxp.exe
Size

2.9MB
Sample

241003-sfzfga1frm
MD5

53218d44298f406baefb2fd052eeb0ef
SHA1

afc422b48b829f29ee2cb95eb9d5139b788a1727
SHA256

11892dbe32cebd618deb6dc36477829ef9fb8181d7ec887408f44c08bb5f675b
SHA512

88b81da7e8d3665b0a41cd272c50318b8090dc3240d88020255f079df1373e2cf5fb9f0249320fb7346a52a29d20de42a4385f75e1cf91a12aa40786eae1a12a
SSDEEP

49152:zT8+dJPn7Vud6KGavAZXJgfx1HmwPKtWKbF1mIgZ+wau1CObHeIp3hPI4OH+Mfsk:38ROupbHeI7gf+MfA

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://185.209.161.207:2421/44194499adc4d2b753ee/bduh0f2e.ee92s

Targets

- Target
  
  Oxfvbxp.exe
- Size
  
  2.9MB
- MD5
  
  53218d44298f406baefb2fd052eeb0ef
- SHA1
  
  afc422b48b829f29ee2cb95eb9d5139b788a1727
- SHA256
  
  11892dbe32cebd618deb6dc36477829ef9fb8181d7ec887408f44c08bb5f675b
- SHA512
  
  88b81da7e8d3665b0a41cd272c50318b8090dc3240d88020255f079df1373e2cf5fb9f0249320fb7346a52a29d20de42a4385f75e1cf91a12aa40786eae1a12a
- SSDEEP
  
  49152:zT8+dJPn7Vud6KGavAZXJgfx1HmwPKtWKbF1mIgZ+wau1CObHeIp3hPI4OH+Mfsk:38ROupbHeI7gf+MfA
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer

behavioral3

rhadamanthysdiscoverystealer

behavioral4

rhadamanthysdiscoverystealer