rhadamanthys | 46298b16b10079f44ee9515920de3391bd0590c36427e15ba81841a5e686bb79 | Triage

Sharing

General

Target

1d1505d6acae5dfe0ad58fddd7933cfc.exe
Size

442KB
Sample

241010-hjx2pswbjq
MD5

1d1505d6acae5dfe0ad58fddd7933cfc
SHA1

ec64dd991550788047d6e512b8d17a7d73e48c6a
SHA256

46298b16b10079f44ee9515920de3391bd0590c36427e15ba81841a5e686bb79
SHA512

ee14b7b6b1b9845d61786a11f1d5da757898212d634637aceb276077c803b79e614fe46a07403108c4430e82010adccc5b32a0183e85b998f38ed9f7030d70bf
SSDEEP

12288:m+RQLpoHCpa7QDoGukWV1hC8kVOYfCYfQ8O6akF19ecKPs:mtNDILn8u

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://135.181.4.162:2423/97e9fc994198e76/q4cs18w4.g9muv

Targets

- Target
  
  1d1505d6acae5dfe0ad58fddd7933cfc.exe
- Size
  
  442KB
- MD5
  
  1d1505d6acae5dfe0ad58fddd7933cfc
- SHA1
  
  ec64dd991550788047d6e512b8d17a7d73e48c6a
- SHA256
  
  46298b16b10079f44ee9515920de3391bd0590c36427e15ba81841a5e686bb79
- SHA512
  
  ee14b7b6b1b9845d61786a11f1d5da757898212d634637aceb276077c803b79e614fe46a07403108c4430e82010adccc5b32a0183e85b998f38ed9f7030d70bf
- SSDEEP
  
  12288:m+RQLpoHCpa7QDoGukWV1hC8kVOYfCYfQ8O6akF19ecKPs:mtNDILn8u
Score

10^/10

discovery rhadamanthys stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rhadamanthysdiscoverystealer