rhadamanthys | ae9768a3474439037f053a672ffae03608fa3e127aa9927b0127b7a22825c62a | Triage

Submit
Reports

Overview

overview

Static

static

3

ae9768a347...2a.exe

windows7-x64

ae9768a347...2a.exe

windows10-2004-x64

Sharing

General

Target

ae9768a3474439037f053a672ffae03608fa3e127aa9927b0127b7a22825c62a.exe
Size

15.1MB
Sample

241018-cyk3ssvblq
MD5

4247605d401ed13d7584377852052793
SHA1

9456200c2cc28957491a3e9709acbe6fb834a687
SHA256

ae9768a3474439037f053a672ffae03608fa3e127aa9927b0127b7a22825c62a
SHA512

8a1aa03b57ed8778fa1ae9d449dfd34fc514dd38bdccad39c0095540ff745fbb784b35061c8d9d214054ad5004dbde31430395fc1d9d1c1ac52c19cfb52bf3a2
SSDEEP

393216:Vn8IgucBc26M/Rovs1B7I5RmPAfAmYKYUC0sdeC:58ju8c26MZo26FrYdhYC

Score

10^/10

rhadamanthys discovery stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ae9768a3474439037f053a672ffae03608fa3e127aa9927b0127b7a22825c62a.exe

Resource

win7-20240903-en

rhadamanthys discovery stealer upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

ae9768a3474439037f053a672ffae03608fa3e127aa9927b0127b7a22825c62a.exe

Resource

win10v2004-20241007-en

rhadamanthys discovery stealer upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  ae9768a3474439037f053a672ffae03608fa3e127aa9927b0127b7a22825c62a.exe
- Size
  
  15.1MB
- MD5
  
  4247605d401ed13d7584377852052793
- SHA1
  
  9456200c2cc28957491a3e9709acbe6fb834a687
- SHA256
  
  ae9768a3474439037f053a672ffae03608fa3e127aa9927b0127b7a22825c62a
- SHA512
  
  8a1aa03b57ed8778fa1ae9d449dfd34fc514dd38bdccad39c0095540ff745fbb784b35061c8d9d214054ad5004dbde31430395fc1d9d1c1ac52c19cfb52bf3a2
- SSDEEP
  
  393216:Vn8IgucBc26M/Rovs1B7I5RmPAfAmYKYUC0sdeC:58ju8c26MZo26FrYdhYC
Score

10^/10

rhadamanthys discovery stealer upx
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealerupx

behavioral2

rhadamanthysdiscoverystealerupx

© 2018-2025

Terms | Privacy