rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

InstallerSetup(Full).rar
Size

62.4MB
Sample

241005-dy66pssfmp
MD5

f2c2fb21d1817f8a49ec2791ca6fd5c0
SHA1

158b07009932a14081b304b2b1024647ec3fa0b8
SHA256

2d199b6deefc27ba6844d4384c7490a716a0da476102940f219f62f8c7e8fdcd
SHA512

7531d093f98e0883df027b4219de073eaf62da04c2fd75bab683be2419ce12060b6de8e0016eda97987d2c946b45909f7d98ea620ce1b3a45f27edb90eab7591
SSDEEP

1572864:rZ+wmXmoMuxjnlcsEmip+owfPOA3E9tujXchxu+37jXv48VdVQ:UXxblHEmipbC2A3mA4t7j/48y

Score

10^/10

Malware Config

Extracted

Family

rhadamanthys

https://185.184.26.10:4928/e4eb12414c95175ccfd/Other_5

Targets

- Target
  
  Add/Leaf.xNet.dll
- Size
  
  129KB
- MD5
  
  ea87f37e78fb9af4bf805f6e958f68f4
- SHA1
  
  89662fed195d7b9d65ab7ba8605a3cd953f2b06a
- SHA256
  
  de9aea105f31f3541cbc5c460b0160d0689a2872d80748ca1456e6e223f0a4aa
- SHA512
  
  c56bd03142258c6dcb712d1352d2548a055fbb726ee200949d847cb2d23d9c52442b1435be0df0bf355701a2c1a3c47cd05b96972501f457d2d401501d33d83a
- SSDEEP
  
  3072:gE3OJDHIfFLlL3pPiqhcLS/oZhttaMBM2cid:gHWZxJiqO
Score

1^/10
behavioral1 behavioral2
- Target
  
  Add/Newtonsoft.Json.dll
- Size
  
  685KB
- MD5
  
  081d9558bbb7adce142da153b2d5577a
- SHA1
  
  7d0ad03fbda1c24f883116b940717e596073ae96
- SHA256
  
  b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
- SHA512
  
  2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
- SSDEEP
  
  12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score

1^/10
behavioral3 behavioral4
- Target
  
  Add/Qt5Widgets.dll
- Size
  
  4.3MB
- MD5
  
  f697ffc85fb86d72654c4f5ba4e1bdc2
- SHA1
  
  670657f598d408ab232dec75be6fc7983bc5ce4b
- SHA256
  
  400fa69aa8803f6c3a6f9a5fc956475d0396095c4b6d4665b7aa29bbcb8e3640
- SHA512
  
  47513892c22a193c51ecf09c8f3e4c4271a92be33b7b7d535290ea75a1498c5531881a26a85dbf758361e6892abf12a796f1c5c284a34f1d173d61d2012325b7
- SSDEEP
  
  49152:Zhk8cs4FhK1FKBxR8Lcdm0OTqZ7uA/GrXHIaTU+cDZ0V37SUJ:7k8ymoBxKAdmL8yONaQi32UJ
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Add/libGLESV2.dll
- Size
  
  1.5MB
- MD5
  
  aebbd25609c3f1d16809c02f12e99896
- SHA1
  
  7675d0f61062490b8c7043a66a8d88d5d147f7a9
- SHA256
  
  6765d163fae52331dfdcccab371c9b8b5cd0915bfdb14bbf2ca5d3f42bb29f4c
- SHA512
  
  a441ae0fe98ae39ed7fd1feb410bcac3aba9179242c62166190926588b97e11f0a3442d0619c6a2f6070e336a82d7fcabeb89461ff15fe878da13f2a57710f87
- SSDEEP
  
  24576:IGyEmXb3NBT+BZDQnVjDuBy8aTnilzT8QreNdJU8GAeZRyRWh:I8mr3OaDVXnilcQreNdJU8GOWh
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Add/ssleay32 - Copy.dll
- Size
  
  270KB
- MD5
  
  df38eb2002e5979e57babf8b4f6a2f82
- SHA1
  
  219d5837f6461688122d637bf67f041fc6c19aac
- SHA256
  
  5c2f10a772edfbeef8a5261b8677e68c4194cb87f3cb9bc319c8da75cfaefa3f
- SHA512
  
  da4b6ec820f5886102577a7e98187ed45165ee5373504fb4f610cfb47eb2ad6e0b75d868464df4ee8b97f506c2f493a1d3bf029c184c08b311dbc1b76c2a37f6
- SSDEEP
  
  6144:0xnT+R40IInTyFxvYlBtCikIK3gb/VuLXyJxm11VMaorgpa7ivoQXoYwWAaHeeT6:6nKR40IInTyFxvY3tCikIK3gb/VECJxD
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral10 behavioral9
- Target
  
  Add/ssleay32.dll
- Size
  
  270KB
- MD5
  
  df38eb2002e5979e57babf8b4f6a2f82
- SHA1
  
  219d5837f6461688122d637bf67f041fc6c19aac
- SHA256
  
  5c2f10a772edfbeef8a5261b8677e68c4194cb87f3cb9bc319c8da75cfaefa3f
- SHA512
  
  da4b6ec820f5886102577a7e98187ed45165ee5373504fb4f610cfb47eb2ad6e0b75d868464df4ee8b97f506c2f493a1d3bf029c184c08b311dbc1b76c2a37f6
- SSDEEP
  
  6144:0xnT+R40IInTyFxvYlBtCikIK3gb/VuLXyJxm11VMaorgpa7ivoQXoYwWAaHeeT6:6nKR40IInTyFxvY3tCikIK3gb/VECJxD
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  InstallerSetup.exe
- Size
  
  68.1MB
- MD5
  
  9ce5da2670c3f3105dccfd2a7a8b8ea8
- SHA1
  
  7ea79e80b932fb1d5bb90f8aa2177891fffd11e9
- SHA256
  
  4bdbf8c72c59d5d804c4f3e128f1326a00c7df5822d341988737f5b74ccfefa2
- SHA512
  
  42d6ad0ca02e37629983b1b8da8caa8f4c5e4c930c67148901001f5888bcd9e198b6dd1ef6682e12f640ca286378fce67707f3bbcb4c019b6edb4ff1f284cd4a
- SSDEEP
  
  786432:Ysh10dBsh10dZsh10dCsh10dgsh10dTsh10dPsh10d8sh10d+sh10dFsh10dtshp:dkEksk9k/kGkakPkdkgkwkZk/k1k+k
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Suspicious use of SetThreadContext

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14