rhadamanthys | 03c72cfabace07b6787d2d1fd66d6d6d9a2fbcb74a827ca4ab7e59aba40cb306 | Triage

Sharing

General

Target

SilverRAT.exe
Size

448KB
Sample

241125-n1lmwsvpcw
MD5

e1e28c3acf184aa364c9ed9a30ab7289
SHA1

1a173a6f4ec39fe467f1b4b91c9fad794167ac1c
SHA256

03c72cfabace07b6787d2d1fd66d6d6d9a2fbcb74a827ca4ab7e59aba40cb306
SHA512

e8d38c9a144b7f4531e617de45dc240042a7b9ce7dd5766eb2f763b505d9786acccf54f3a03ff3639c36c957e2d14d34b5b59196170eb1b6b5f17e8a417d6991
SSDEEP

6144:nC5hyUR+MhyfUj6qfoMXYfIrvQ/zabJzYbLkBWBXpMcwLbjJgSqtUg83T36XE24r:v+BoMmID/mQmpMcmSSIU16XE2e5L

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://95.214.55.177:2474/fae624c5418d6/black.api

Targets

- Target
  
  SilverRAT.exe
- Size
  
  448KB
- MD5
  
  e1e28c3acf184aa364c9ed9a30ab7289
- SHA1
  
  1a173a6f4ec39fe467f1b4b91c9fad794167ac1c
- SHA256
  
  03c72cfabace07b6787d2d1fd66d6d6d9a2fbcb74a827ca4ab7e59aba40cb306
- SHA512
  
  e8d38c9a144b7f4531e617de45dc240042a7b9ce7dd5766eb2f763b505d9786acccf54f3a03ff3639c36c957e2d14d34b5b59196170eb1b6b5f17e8a417d6991
- SSDEEP
  
  6144:nC5hyUR+MhyfUj6qfoMXYfIrvQ/zabJzYbLkBWBXpMcwLbjJgSqtUg83T36XE24r:v+BoMmID/mQmpMcmSSIU16XE2e5L
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer