rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

AppSetup(Full).rar
Size

70.5MB
Sample

241009-mma4kavckd
MD5

164530b6e179cc1a1b5417e805165f48
SHA1

6e7950770c0b2195cb021b4ac2720d8d6ec98f69
SHA256

4c403a03cf490252f38fc7791cf2713141d4da22191a1c5667ee6880a4f97b78
SHA512

e6cfa323e0455d58bb9c3a24fe864d13d49e3936eb3f4fcd029b3af25dbb868b69d30ae04f1e8db8a367440a2edbf028f5f553a02f4d41793d478654be846f37
SSDEEP

1572864:ay2Cw3jnMfFCbOCYKXXDUxG7nykzTvlaM9GLR1c5RhHfW+f:a3PTnMRdKXw0TykXvgrurHO2

Score

10^/10

Malware Config

Extracted

Family

rhadamanthys

https://185.184.26.10:4928/e4eb12414c95175ccfd/Other_5

Targets

- Target
  
  AppSetup(Full).rar
- Size
  
  70.5MB
- MD5
  
  164530b6e179cc1a1b5417e805165f48
- SHA1
  
  6e7950770c0b2195cb021b4ac2720d8d6ec98f69
- SHA256
  
  4c403a03cf490252f38fc7791cf2713141d4da22191a1c5667ee6880a4f97b78
- SHA512
  
  e6cfa323e0455d58bb9c3a24fe864d13d49e3936eb3f4fcd029b3af25dbb868b69d30ae04f1e8db8a367440a2edbf028f5f553a02f4d41793d478654be846f37
- SSDEEP
  
  1572864:ay2Cw3jnMfFCbOCYKXXDUxG7nykzTvlaM9GLR1c5RhHfW+f:a3PTnMRdKXw0TykXvgrurHO2
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Add/Leaf.xNet.dll
- Size
  
  129KB
- MD5
  
  ea87f37e78fb9af4bf805f6e958f68f4
- SHA1
  
  89662fed195d7b9d65ab7ba8605a3cd953f2b06a
- SHA256
  
  de9aea105f31f3541cbc5c460b0160d0689a2872d80748ca1456e6e223f0a4aa
- SHA512
  
  c56bd03142258c6dcb712d1352d2548a055fbb726ee200949d847cb2d23d9c52442b1435be0df0bf355701a2c1a3c47cd05b96972501f457d2d401501d33d83a
- SSDEEP
  
  3072:gE3OJDHIfFLlL3pPiqhcLS/oZhttaMBM2cid:gHWZxJiqO
Score

1^/10
behavioral3 behavioral4
- Target
  
  Add/Newtonsoft.Json.dll
- Size
  
  685KB
- MD5
  
  081d9558bbb7adce142da153b2d5577a
- SHA1
  
  7d0ad03fbda1c24f883116b940717e596073ae96
- SHA256
  
  b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
- SHA512
  
  2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
- SSDEEP
  
  12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score

1^/10
behavioral5 behavioral6
- Target
  
  Add/UsefulExtensions.dll
- Size
  
  58KB
- MD5
  
  45ff32ca3f381635351e50972795716d
- SHA1
  
  f5520ba5e716cb8aa86f504d70745ac474419432
- SHA256
  
  a77c301757da793a026846915e6f7950d64fb3f7003199adf45a606a3f28883e
- SHA512
  
  910abf2e1ec213d8f67f36f3c150af4b4485048947a26e69983ef75cb6a1a69f92de3be6a6323541ea227738749467e93467f76df904c971f16b38bb33bd1209
- SSDEEP
  
  768:YgcRHaTMHF/L5i+yC//YGtoHRBSW3Z2oXvS/XB0nWPEgDhkJtc2GIEN101KZ9:YuTYz5YC/fox7Z2oXvU7AeSKz
Score

1^/10
behavioral7 behavioral8
- Target
  
  Add/libGLESV2.dll
- Size
  
  1.5MB
- MD5
  
  aebbd25609c3f1d16809c02f12e99896
- SHA1
  
  7675d0f61062490b8c7043a66a8d88d5d147f7a9
- SHA256
  
  6765d163fae52331dfdcccab371c9b8b5cd0915bfdb14bbf2ca5d3f42bb29f4c
- SHA512
  
  a441ae0fe98ae39ed7fd1feb410bcac3aba9179242c62166190926588b97e11f0a3442d0619c6a2f6070e336a82d7fcabeb89461ff15fe878da13f2a57710f87
- SSDEEP
  
  24576:IGyEmXb3NBT+BZDQnVjDuBy8aTnilzT8QreNdJU8GAeZRyRWh:I8mr3OaDVXnilcQreNdJU8GOWh
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  App_Installer.exe
- Size
  
  68.1MB
- MD5
  
  9ce5da2670c3f3105dccfd2a7a8b8ea8
- SHA1
  
  7ea79e80b932fb1d5bb90f8aa2177891fffd11e9
- SHA256
  
  4bdbf8c72c59d5d804c4f3e128f1326a00c7df5822d341988737f5b74ccfefa2
- SHA512
  
  42d6ad0ca02e37629983b1b8da8caa8f4c5e4c930c67148901001f5888bcd9e198b6dd1ef6682e12f640ca286378fce67707f3bbcb4c019b6edb4ff1f284cd4a
- SSDEEP
  
  786432:Ysh10dBsh10dZsh10dCsh10dgsh10dTsh10dPsh10d8sh10d+sh10dFsh10dtshp:dkEksk9k/kGkakPkdkgkwkZk/k1k+k
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12