rhadamanthys | 741cee2c6f6f8ee8a54923fa2a0c88085cede35bdc2e95b1b9f1800e894e6c19 | Triage

Sharing

General

Target

741cee2c6f6f8ee8a54923fa2a0c88085cede35bdc2e95b1b9f1800e894e6c19.exe
Size

2.2MB
Sample

241006-bmek7sshld
MD5

8837df25aabc4fad85e851aca192f714
SHA1

c4fbd38356b7ee16eaf21deb83170bbcb0fe566a
SHA256

741cee2c6f6f8ee8a54923fa2a0c88085cede35bdc2e95b1b9f1800e894e6c19
SHA512

93f712ae3ca726b090df270feb1421ea98778260b7fe309e06ac3887b396d3dc8ab41655ec7d15a57cac8b467cca0395a52ef965765a26c9597f6512fdad88e2
SSDEEP

49152:fIGHiuBfswUwl+GdRI2UET1SUvj0Ug6j9iuXWvpAqahtX8+34+vSVHstzn+qpEjs:fNCuBfZ4GdfUaj0UgM5WviXtT34+vBJV

Score

10^/10

rhadamanthys execution stealer

Malware Config

Targets

- Target
  
  741cee2c6f6f8ee8a54923fa2a0c88085cede35bdc2e95b1b9f1800e894e6c19.exe
- Size
  
  2.2MB
- MD5
  
  8837df25aabc4fad85e851aca192f714
- SHA1
  
  c4fbd38356b7ee16eaf21deb83170bbcb0fe566a
- SHA256
  
  741cee2c6f6f8ee8a54923fa2a0c88085cede35bdc2e95b1b9f1800e894e6c19
- SHA512
  
  93f712ae3ca726b090df270feb1421ea98778260b7fe309e06ac3887b396d3dc8ab41655ec7d15a57cac8b467cca0395a52ef965765a26c9597f6512fdad88e2
- SSDEEP
  
  49152:fIGHiuBfswUwl+GdRI2UET1SUvj0Ug6j9iuXWvpAqahtX8+34+vSVHstzn+qpEjs:fNCuBfZ4GdfUaj0UgM5WviXtT34+vBJV
Score

10^/10

rhadamanthys execution stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rhadamanthysexecutionstealer