rhadamanthys | c10b5ee78d7ca90b5c21f72c945312419ea69ea77e29b7bec668fcc81a3fbd14 | Triage

Sharing

General

Target

setup.exe
Size

656KB
Sample

241023-xva4msvhkg
MD5

858e4999365508f9f4b31e6f57830776
SHA1

e438f9977e8bf397b0acf3ec29e2e687a6175579
SHA256

c10b5ee78d7ca90b5c21f72c945312419ea69ea77e29b7bec668fcc81a3fbd14
SHA512

31ad09c4151948fbee6949327a3ef7e2e42584fdaf3b7bf94d253a96ecdd1ba01feed86098f3d1613166afb5c36507405300d4bae59796beb71e9b83f8e17221
SSDEEP

12288:GkBfu9pYUBK+1T+W2UqHyyHGLOfrUDsK8EV4QWzcRukpk9Jcmlr7v:GkA9p7s+1T++qH1DrUlV+6KLr7v

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://135.181.4.162:2423/97e9fc994198e76/rt8egk5u.wu267

Targets

- Target
  
  setup.exe
- Size
  
  656KB
- MD5
  
  858e4999365508f9f4b31e6f57830776
- SHA1
  
  e438f9977e8bf397b0acf3ec29e2e687a6175579
- SHA256
  
  c10b5ee78d7ca90b5c21f72c945312419ea69ea77e29b7bec668fcc81a3fbd14
- SHA512
  
  31ad09c4151948fbee6949327a3ef7e2e42584fdaf3b7bf94d253a96ecdd1ba01feed86098f3d1613166afb5c36507405300d4bae59796beb71e9b83f8e17221
- SSDEEP
  
  12288:GkBfu9pYUBK+1T+W2UqHyyHGLOfrUDsK8EV4QWzcRukpk9Jcmlr7v:GkA9p7s+1T++qH1DrUlV+6KLr7v
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer