rhadamanthys | f4e3d73eac0f751a9d519e5a8eaff679837413c069a8f0a614d2792d899e44c3 | Triage

Sharing

General

Target

Setup.zip
Size

74.8MB
Sample

241014-rhmzsayfrg
MD5

e874d098f773b601430b0f76a0148eab
SHA1

4873d7d73500323342a3cc0a94107ab52585ffd7
SHA256

f4e3d73eac0f751a9d519e5a8eaff679837413c069a8f0a614d2792d899e44c3
SHA512

ebe031951937cca71f24788399a22a14d800727161c9d52cc70e6104faa24e836ecc3a5951afabeb2c2c9ce2aa1fa15917ef7f43449b3682288cebe4011aa221
SSDEEP

1572864:HdHhu/c91wW7MJh9+XigReAs1g/HvYEyGLKPa0iHDP0:HxgS1nCh9+yydveGLmiHL0

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://135.181.4.162:2423/97e9fc994198e76/rt8egk5u.wu267

Targets

- Target
  
  Setup.zip
- Size
  
  74.8MB
- MD5
  
  e874d098f773b601430b0f76a0148eab
- SHA1
  
  4873d7d73500323342a3cc0a94107ab52585ffd7
- SHA256
  
  f4e3d73eac0f751a9d519e5a8eaff679837413c069a8f0a614d2792d899e44c3
- SHA512
  
  ebe031951937cca71f24788399a22a14d800727161c9d52cc70e6104faa24e836ecc3a5951afabeb2c2c9ce2aa1fa15917ef7f43449b3682288cebe4011aa221
- SSDEEP
  
  1572864:HdHhu/c91wW7MJh9+XigReAs1g/HvYEyGLKPa0iHDP0:HxgS1nCh9+yydveGLmiHL0
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2