rhadamanthys | 48ede0e3a4e2b696205f639bb5f826825d83f587c5b86d5b6fea31ef5ae4e1dc | Triage

Sharing

General

Target

taskexec323Ewe.zip
Size

4.4MB
Sample

241020-3qvv5syerr
MD5

03138e3ecc2df5643bfb9dc41722d6cf
SHA1

d8d52a348adb94ef66a285e976876396dcde0634
SHA256

48ede0e3a4e2b696205f639bb5f826825d83f587c5b86d5b6fea31ef5ae4e1dc
SHA512

c53f09588fe9fd7bd5328140f0b235686b36be30fa09a430015fa319c1e3dbb20ab58e84ec4ed7515c39c1168e316d808a744875ac3f375c443786a9b584f6f1
SSDEEP

98304:bRREt9wfqoBlDYLY+vn+yDmRTuoV86pp1nBaa6oEDAuviRP:NRMwyegtDmdpVFJnjMMP

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://185.196.11.237:9697/f002171ab05c7/73434jqg.jxviu

Targets

- Target
  
  msn.exe
- Size
  
  5.5MB
- MD5
  
  537915708fe4e81e18e99d5104b353ed
- SHA1
  
  128ddb7096e5b748c72dc13f55b593d8d20aa3fb
- SHA256
  
  6dc7275f2143d1de0ca66c487b0f2ebff3d4c6a79684f03b9619bf23143ecf74
- SHA512
  
  9ceaaf7aa5889be9f5606646403133782d004b9d78ef83d7007dfce67c0f4f688d7931aebc74f1fc30aac2f1dd6281bdadfb52bc3ea46aca33b334adb4067ae2
- SSDEEP
  
  49152:ERUl697ngPTrho9J8kgdjbHNZ5PP/Re5m3mxVN6KEp0v7J7k66ZRkQTXw+sljVop:uAXqnhON8m3mzNHTdw6YSX+sleu5y
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer