rhadamanthys | 3fbeae5e48d7f3b2ce4beac3347d9aa259fd2c9c6f5485ae166e74dc5268e071 | Triage

Sharing

General

Target

3fbeae5e48d7f3b2ce4beac3347d9aa259fd2c9c6f5485ae166e74dc5268e071
Size

5.8MB
Sample

241031-wkl8gstkgq
MD5

4a922d6992bf344a9c7644152f2197d6
SHA1

8c1b209d2e42e94932de731e4f537065582b2fff
SHA256

3fbeae5e48d7f3b2ce4beac3347d9aa259fd2c9c6f5485ae166e74dc5268e071
SHA512

f9bdf54587dc1ed1a19bd8183011ec6256bacd10f05cd8aff69835d687ad2584cf8e1bce48ab90ee44cb26164f84b45411dc3f925d9a8b701b61a69ba140d0fd
SSDEEP

98304:ZaXtcsYpSvHtspnAGNkg7O4MrThvpXO0xWs80ADgPmGzG5zEuACQZ+uCJ1:gjf2pnAGN17O4MZlnxVmgmG65zEfz+uU

Score

10^/10

rhadamanthys discovery persistence stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://107.189.15.169:3194/984a658d0555c/2djicg5k.g6h88

Targets

- Target
  
  3fbeae5e48d7f3b2ce4beac3347d9aa259fd2c9c6f5485ae166e74dc5268e071
- Size
  
  5.8MB
- MD5
  
  4a922d6992bf344a9c7644152f2197d6
- SHA1
  
  8c1b209d2e42e94932de731e4f537065582b2fff
- SHA256
  
  3fbeae5e48d7f3b2ce4beac3347d9aa259fd2c9c6f5485ae166e74dc5268e071
- SHA512
  
  f9bdf54587dc1ed1a19bd8183011ec6256bacd10f05cd8aff69835d687ad2584cf8e1bce48ab90ee44cb26164f84b45411dc3f925d9a8b701b61a69ba140d0fd
- SSDEEP
  
  98304:ZaXtcsYpSvHtspnAGNkg7O4MrThvpXO0xWs80ADgPmGzG5zEuACQZ+uCJ1:gjf2pnAGN17O4MZlnxVmgmG65zEfz+uU
Score

10^/10

rhadamanthys discovery persistence stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverypersistencestealer