Overview

overview

10

Static

static

3

2024-11-16...ys.exe

windows7-x64

10

2024-11-16...ys.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-16_b0b656914a177099dd8c9714e7a42604_luca-stealer_magniber_rhadamanthys

  • Size

    10.0MB

  • Sample

    241116-db9y3syfjk

  • MD5

    b0b656914a177099dd8c9714e7a42604

  • SHA1

    a2a630a1fb6150fce0e99d69f55af1da5792c563

  • SHA256

    71af5b6c0116d79babda2bfc5cbc7d47c94c53bb09007997eb3ed60485efe654

  • SHA512

    9898ed7fc50e85453eb1ca8289570bb5a753e48982dbe850c1273f2b97b736261111a4c71007efe50248015227d313581b8c2e456ab17f39be3e9fb6001f1a83

  • SSDEEP

    98304:FF+f/g0GlqoYZGX+5dRl2cZI0V7zkJ+djJALokUebxVGqCaJq0mgxWxJg:FF+3g0IQHdPtjOLokUebxVGqQGxWxJ

Score
10/10
rhadamanthysdiscoverypersistencestealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://51.75.171.9:5151/9640d96bbead45f349f3ab9/pgkqrv8r.8hage

Targets

    • Target

      2024-11-16_b0b656914a177099dd8c9714e7a42604_luca-stealer_magniber_rhadamanthys

    • Size

      10.0MB

    • MD5

      b0b656914a177099dd8c9714e7a42604

    • SHA1

      a2a630a1fb6150fce0e99d69f55af1da5792c563

    • SHA256

      71af5b6c0116d79babda2bfc5cbc7d47c94c53bb09007997eb3ed60485efe654

    • SHA512

      9898ed7fc50e85453eb1ca8289570bb5a753e48982dbe850c1273f2b97b736261111a4c71007efe50248015227d313581b8c2e456ab17f39be3e9fb6001f1a83

    • SSDEEP

      98304:FF+f/g0GlqoYZGX+5dRl2cZI0V7zkJ+djJALokUebxVGqCaJq0mgxWxJg:FF+3g0IQHdPtjOLokUebxVGqQGxWxJ

    Score
    10/10
    rhadamanthysdiscoverypersistencestealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks