rhadamanthys | c327fafdbfb1735c868a7c487e7550ae7f4425cd8b818345881b0b4d8f596442 | Triage

Sharing

General

Target

github.zip
Size

2.2MB
Sample

241102-yl6dvstjht
MD5

a9c7f2eb46e3d2b0bfa0f0b20c998a07
SHA1

91e9393b82b876a6e29bd67d75ce2a1a837c4bad
SHA256

c327fafdbfb1735c868a7c487e7550ae7f4425cd8b818345881b0b4d8f596442
SHA512

42ac90f174f76c8fcc31810359c20e6eedf0ada5423e82124cdb907ddd13459ae131391559b1a8bfd312bd536bf9e3b72c2f5f61994d1a942c21d07552011e3c
SSDEEP

49152:cU+7vswIFTsZMO6lG7cBdYRv9rUkUXGBh/qx5NcMOlK0d7:7+oQZMO6McUhRUf4h/gbglKY7

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://185.216.70.103:3951/23fa5e4c813bef61/v5q3ew4d.nnx7b

Targets

- Target
  
  github/SDL3.dll
- Size
  
  1.5MB
- MD5
  
  cfb1a1c99e10399cd70805f83a9f2552
- SHA1
  
  748b6064b7aa0b735cef70addf6402c942e11534
- SHA256
  
  62f1aaa6a7608990c628c0c6c81f0b12b19e97d0fa0f2cd7a39eac859e62cd9b
- SHA512
  
  f016f76d21184a935e70fd4dbd43386549d4d99754610168ce942d20b655090fd748b2c621dfdc9ea579568a6f0cc3ca435b8ae31b38e9acdc6906d64fbfe487
- SSDEEP
  
  24576:GxrJww7e22SBOhtXMoqAYKKKFIrF4MFn7AAuqND68ZKX/GgmNU39VBCARkbsAiJo:GBrF4MHuqRDZKX/5Ws9pAiJDml
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  github/SDL3_image.dll
- Size
  
  232KB
- MD5
  
  72e5436ce413c4132c99ad49d1c5434e
- SHA1
  
  a8643fcb3a85aa0bf2eaa3f67e055c48afa69636
- SHA256
  
  fe0d82bfbac24f278168c385dad90e75d85aae9ff1fd8e54f7a2b908f13e78d7
- SHA512
  
  a726b504ff931260a548d85ebd81b365d0bfc7767eddcd7d909cae3428d114bf8813c57caff248e81fa1a95c3a7d7ef04408e653c45fca4fc6127dd21cbc43a0
- SSDEEP
  
  3072:E+BlPPr46x1qZgG6OZRvpSzoA7PCd7r3thtCvmOnL0/iDfsKKb4gM/D1btqNnrGO:3lAMCd7rTtCvJLTDDKDM/DDhg
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  github/SDL3_ttf.dll
- Size
  
  1.6MB
- MD5
  
  ad56b88c5165b3b6d64c3335af6ad533
- SHA1
  
  69ebf811c0d10841f6264a98ade06d1ab3a61f8c
- SHA256
  
  07803a28a527126dbfb0da580c82e99747df50297ef492829dbcb593bd78172b
- SHA512
  
  6448b98d3ffd3a4dfc1c5e6552f2602644506707da4dad83c5a89cedbc65101f499879339d79d111f978f2a40ab38ca0df831142d6c64f557725f085bbf2fd80
- SSDEEP
  
  24576:8SBXg5eeFMXqwaAeuYpZysG3hldm3nlLqDlDKZ9YGdFX6tAX:8cXgfFseuQysemUJD6YGHX6tK
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  github/crashhandler.dll
- Size
  
  361KB
- MD5
  
  921ecaa849aa3eebea83cc117f057bbc
- SHA1
  
  b7eac57ca1e82b1011379893c88c76906b8c6833
- SHA256
  
  956264d928cc41776196b6a8162bf5895e0f093cc8049842fc90ad55e8c2f198
- SHA512
  
  2ea60ab1c5119254c38e136c3f1a88450fc0256fe5dcc621dd42235c72f50ef5ae2cf8fd481ee0cd663ee8173c09522fc7e11d72101072617d40ad193af9b3a7
- SSDEEP
  
  6144:nLCe3fmcLI/FH/XGch7xAAucANXuwzg1LqFEZOogHiWlqjt+v1Y4dAVAO8ZZNOGk:nmeOcLkHnhNAAucANXuwzgQFE6iWlJvy
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  github/crashhandler64.dll
- Size
  
  464KB
- MD5
  
  b744885ff062dce0355cf415b3c93f0d
- SHA1
  
  aa3db263fabe2d7ea614a14d3a74cdd208bdb076
- SHA256
  
  cc1a703d61270c59d916ba578152f51fc984b0aa08546d4c4f3ea4006fad3b0e
- SHA512
  
  3b378763c19d1e0d821a8c899f0a88a917fa443874559b1b287be999f89565c646d492b17c7ec69df393ac593a9c8519823435c34a83a46e5c9d6494767eff4a
- SSDEEP
  
  12288:2BMV7xYxSWtECWc2BNWiENRNTqc5tVoewp:zV7exS+E22BNWtNPqc5tVkp
Score

1^/10
behavioral10 behavioral9
- Target
  
  github/setup.exe
- Size
  
  386KB
- MD5
  
  e8b9cdee9161158dddb56f95de383e45
- SHA1
  
  afd22ccb83824b9fc77d9b6c5863a8db38174ee1
- SHA256
  
  d2ff960faa177b580fe8105e67aaa9fa8c0077768d685d47a54420f28cd053c2
- SHA512
  
  eefa3489f755a85e951d50508004a500bc49cec13b505927653cc261b75567d11f4fa35003a283050d9d9e51ca6d56099e5976b453557fe908dcf96e75fb1635
- SSDEEP
  
  6144:pwY0C52EIPbosrauPYskgsxLNizYv1voD4cW/3xs0TtxGFjH88Pew8DyofjP8:E7raqrkdv1vW4cW/x9txsjHbP04
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

rhadamanthysdiscoverystealer

behavioral12

rhadamanthysdiscoverystealer