rhadamanthys | 87eec7252ebb3103d6cec3600bbba578226dff35786744b716948726a7443bc3 | Triage

Sharing

General

Target

launcher(1).exe
Size

35.9MB
Sample

241012-qf259awglq
MD5

8493c18b6abe1c949cdfb7b85607ea12
SHA1

1b68df0319a0899e5ded197a6114f9af712d39b4
SHA256

87eec7252ebb3103d6cec3600bbba578226dff35786744b716948726a7443bc3
SHA512

e86b2a2889594a647ac467bb653fb2cee975dc31378ee2607fa28508af948a347015e93c87bf2e4fc69ddea94c558e19b9144efceff80186cdac6eb036f650c6
SSDEEP

393216:+1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfd:+Mguj8Q4Vfv1qFTrY6

Score

10^/10

rhadamanthys discovery execution stealer

Malware Config

Targets

- Target
  
  launcher(1).exe
- Size
  
  35.9MB
- MD5
  
  8493c18b6abe1c949cdfb7b85607ea12
- SHA1
  
  1b68df0319a0899e5ded197a6114f9af712d39b4
- SHA256
  
  87eec7252ebb3103d6cec3600bbba578226dff35786744b716948726a7443bc3
- SHA512
  
  e86b2a2889594a647ac467bb653fb2cee975dc31378ee2607fa28508af948a347015e93c87bf2e4fc69ddea94c558e19b9144efceff80186cdac6eb036f650c6
- SSDEEP
  
  393216:+1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfd:+Mguj8Q4Vfv1qFTrY6
Score

10^/10

rhadamanthys discovery execution stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rhadamanthysdiscoveryexecutionstealer