rhadamanthys | 049e5b6490a95f5c8ffda93a7e727b56be410d8f21a6204d4ccb05f30aed384f | Triage

Sharing

General

Target

049e5b6490a95f5c8ffda93a7e727b56be410d8f21a6204d4ccb05f30aed384f
Size

1.3MB
Sample

241016-qtc4aawaqr
MD5

859e31a6dbe68196eba29ceba7ab4785
SHA1

db1dc86c4fdafee66da2348820cbb03cd8ac7243
SHA256

049e5b6490a95f5c8ffda93a7e727b56be410d8f21a6204d4ccb05f30aed384f
SHA512

6aa56d8f44750f838997229e17c108a27bc9cfe218841f7a025eb81ee021392bd0eb3011daf81623fd0926dfdcdbea9cb2bdac921ee7b1a8801d22c3434839d3
SSDEEP

12288:UHMwtUIe1bcIaNpBEsW47urJ4A8UuQKf70CYkZ:UscUIWcIIBLWEMJ4A8UYf70rk

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://135.181.4.162:2423/97e9fc994198e76/va8digge.go8ke

Targets

- Target
  
  049e5b6490a95f5c8ffda93a7e727b56be410d8f21a6204d4ccb05f30aed384f
- Size
  
  1.3MB
- MD5
  
  859e31a6dbe68196eba29ceba7ab4785
- SHA1
  
  db1dc86c4fdafee66da2348820cbb03cd8ac7243
- SHA256
  
  049e5b6490a95f5c8ffda93a7e727b56be410d8f21a6204d4ccb05f30aed384f
- SHA512
  
  6aa56d8f44750f838997229e17c108a27bc9cfe218841f7a025eb81ee021392bd0eb3011daf81623fd0926dfdcdbea9cb2bdac921ee7b1a8801d22c3434839d3
- SSDEEP
  
  12288:UHMwtUIe1bcIaNpBEsW47urJ4A8UuQKf70CYkZ:UscUIWcIIBLWEMJ4A8UYf70rk
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer