rhadamanthys | c327fafdbfb1735c868a7c487e7550ae7f4425cd8b818345881b0b4d8f596442 | Triage

Sharing

General

Target

github.zip
Size

2.2MB
Sample

241102-yh1dfatfqq
MD5

a9c7f2eb46e3d2b0bfa0f0b20c998a07
SHA1

91e9393b82b876a6e29bd67d75ce2a1a837c4bad
SHA256

c327fafdbfb1735c868a7c487e7550ae7f4425cd8b818345881b0b4d8f596442
SHA512

42ac90f174f76c8fcc31810359c20e6eedf0ada5423e82124cdb907ddd13459ae131391559b1a8bfd312bd536bf9e3b72c2f5f61994d1a942c21d07552011e3c
SSDEEP

49152:cU+7vswIFTsZMO6lG7cBdYRv9rUkUXGBh/qx5NcMOlK0d7:7+oQZMO6McUhRUf4h/gbglKY7

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://185.216.70.103:3951/23fa5e4c813bef61/v5q3ew4d.nnx7b

Targets

- Target
  
  github/setup.exe
- Size
  
  386KB
- MD5
  
  e8b9cdee9161158dddb56f95de383e45
- SHA1
  
  afd22ccb83824b9fc77d9b6c5863a8db38174ee1
- SHA256
  
  d2ff960faa177b580fe8105e67aaa9fa8c0077768d685d47a54420f28cd053c2
- SHA512
  
  eefa3489f755a85e951d50508004a500bc49cec13b505927653cc261b75567d11f4fa35003a283050d9d9e51ca6d56099e5976b453557fe908dcf96e75fb1635
- SSDEEP
  
  6144:pwY0C52EIPbosrauPYskgsxLNizYv1voD4cW/3xs0TtxGFjH88Pew8DyofjP8:E7raqrkdv1vW4cW/x9txsjHbP04
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer