rhadamanthys | 17ef63395dd24979aeaf6bae39cc015ab6f2c4f1a636b2f7d376428a0d072ef8 | Triage

Resubmissions

22-10-2024 20:31

241022-za7m8avdpm 10

22-10-2024 20:06

241022-yvkhra1gpc 7

Sharing

General

Target

Gatherum Installer.exe
Size

49.7MB
Sample

241022-za7m8avdpm
MD5

e3037737b8f93aba2883cf659ec8d03e
SHA1

d29ab97312396bb9c1e7edd803b46954500e5bd8
SHA256

17ef63395dd24979aeaf6bae39cc015ab6f2c4f1a636b2f7d376428a0d072ef8
SHA512

6a4be06dec84ee12510630bdb340d0d8f79b2897ba0f7fcf2782ee1c881fcd81468a37e24cb2a58ee9629b6b641c2f6a2eed384659226f58bb9136eb8bf6cda6
SSDEEP

1572864:L9QC1e8qh+C1eU2qHMbgjTE/VYfC+Z3Y/:L1e8qhvx6g9Cs3Y/

Score

10^/10

rhadamanthys discovery execution stealer

Malware Config

Targets

- Target
  
  Gatherum Installer.exe
- Size
  
  49.7MB
- MD5
  
  e3037737b8f93aba2883cf659ec8d03e
- SHA1
  
  d29ab97312396bb9c1e7edd803b46954500e5bd8
- SHA256
  
  17ef63395dd24979aeaf6bae39cc015ab6f2c4f1a636b2f7d376428a0d072ef8
- SHA512
  
  6a4be06dec84ee12510630bdb340d0d8f79b2897ba0f7fcf2782ee1c881fcd81468a37e24cb2a58ee9629b6b641c2f6a2eed384659226f58bb9136eb8bf6cda6
- SSDEEP
  
  1572864:L9QC1e8qh+C1eU2qHMbgjTE/VYfC+Z3Y/:L1e8qhvx6g9Cs3Y/
Score

10^/10

rhadamanthys discovery execution stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoveryexecutionstealer