rhadamanthys | 9f9173c0beedcab4b286c7a88efd7673508e90950fccb1c8dbaa4a02f391c5fa | Triage

Sharing

General

Target

9f9173c0beedcab4b286c7a88efd7673508e90950fccb1c8dbaa4a02f391c5fa
Size

185KB
Sample

241124-xp4trszper
MD5

3ceadae46152fa702b5e58f76ac5fd8a
SHA1

0f47e011ba3cea3e6c11d3460124f3d607d4252d
SHA256

9f9173c0beedcab4b286c7a88efd7673508e90950fccb1c8dbaa4a02f391c5fa
SHA512

1caabcee2b2c882b74b28f2b6faa3733fd603e67859463f5f67f46a228a8681efdb5fa76a38cd725b9e758c0a410428def7f43590304fb52dbaabad40123f582
SSDEEP

3072:6rtHTIN7WXsrbiUSAY4pf7JCIaxIJlShDGbm/5uDGWqB2l7:6ZzXcrjztp7JliNum/5

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

http://127.0.0.1/blob/blob.mp4

Targets

- Target
  
  9f9173c0beedcab4b286c7a88efd7673508e90950fccb1c8dbaa4a02f391c5fa
- Size
  
  185KB
- MD5
  
  3ceadae46152fa702b5e58f76ac5fd8a
- SHA1
  
  0f47e011ba3cea3e6c11d3460124f3d607d4252d
- SHA256
  
  9f9173c0beedcab4b286c7a88efd7673508e90950fccb1c8dbaa4a02f391c5fa
- SHA512
  
  1caabcee2b2c882b74b28f2b6faa3733fd603e67859463f5f67f46a228a8681efdb5fa76a38cd725b9e758c0a410428def7f43590304fb52dbaabad40123f582
- SSDEEP
  
  3072:6rtHTIN7WXsrbiUSAY4pf7JCIaxIJlShDGbm/5uDGWqB2l7:6ZzXcrjztp7JliNum/5
Score

10^/10

rhadamanthys discovery stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2