rhadamanthys

General

Target

7.7z
Size

63.7MB
Sample

241116-vm7frsyrbv
MD5

2917a4e44cb82a6c63bdba9f11dc6883
SHA1

3c0fdee7da2fcc5b61d0fd26591bd22bd3dd7681
SHA256

f2d043e2159f6d68cbbc22adf3d5aa871fbfcefc571b57565616c981096a2d9e
SHA512

33a7f7a140d832d2d9d3b5dcf29c2a13264a414802e0724279eb754fd5004f3a0e66edc62524ac1f5341ec42528111e035df1ef24d95a55569732d4527c55b83
SSDEEP

1572864:R9v9IIWEwfIIDXFGOjCjWS6W7shDyo4eB18oqdKlFcW:rmEWIIDX8OjDSk4e0dmd

Score

10^/10

Malware Config

Targets

- Target
  
  Ssna11.exe
- Size
  
  11.4MB
- MD5
  
  aa88fcfd9717c43e308b32e3d3721e24
- SHA1
  
  4b9e7c987844450be367d4200b243d26f0429df6
- SHA256
  
  94d63cf6d3d2580aeab1efbcb69d02942977e127eca62b099cbb0aef7f4fc22a
- SHA512
  
  02ad0ce7ab28aeec6d6f5bb9aed44fb20ee607622ec14e07778f2ebec143e8246caa7dc03c5c0173944ab2e687a0309d24459e14eaf058956a57be97e96e9ca4
- SSDEEP
  
  6144:utXaerXYn2P8emTh+1C23nI9a53FLy8Jm4SGE0noEPOK:utvT8eKYrIY53FLy8Jm47ENEPF
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Sunlogin_output.exe
- Size
  
  63.6MB
- MD5
  
  af61e50d2c391aefd54d6fef36be542d
- SHA1
  
  0bd5a47894cf6436e541644ea957d2da6544b78a
- SHA256
  
  46379d431e8e4bb7104555ece6dd254b34ad461cca1793d0f7dcd3f7b70de7bf
- SHA512
  
  46ce0fd1f135ec19359d5cdb59c3f67dc31104f92d2a97b81a47b3ddd45311564dba49adcf6ea90eec168bca6b68c27b7da67ead648162d5f630332819cc7209
- SSDEEP
  
  786432:llOLwxvg0im7xP8tNA7RJlzOob13dT3mBspsQzS/bhu5UI798wJMwmnX0HGR5z:llOLio0r71qAvUob135mzQzpUu/rmZF
Score

10^/10

rhadamanthys discovery stealer upx
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4