rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

ProjectXOX.zip
Size

5.6MB
Sample

241127-l2zvssvreq
MD5

99b3e545a89fd0ef7aec538e53e5a71d
SHA1

02fd15bc71c76ef233102b04615701cdb6e68857
SHA256

fcb7deadf5624935d8d694846aae541f192d6aa5d30411f3398d72bbb134576c
SHA512

a520f27c8431792f4aff90437a8454f98062ee2df75935b86058d700dc25a789ee2e061be18a52ddc3d60c90d7ab73293cfffefb7c18143618c97c8343bf5fa0
SSDEEP

98304:pgUgLcU+SDLHA3l8w8/qgsLrVhAzFgbmhqhqR4D3pPaGH/RDY02CS:pgU8LHA3lHbgsLrV2F8mhqx3JakDY02/

Score

10^/10

Malware Config

Extracted

Family

rhadamanthys

https://195.3.223.126:4287/9d0dc091285eb9fbf2e/gpxwtjwv.b8agu

Targets

- Target
  
  ProjectXOX/ProjectXOX.exe
- Size
  
  456KB
- MD5
  
  0eb3728b018f23cd43e0199e2033d684
- SHA1
  
  18fd395f29e4fb7ef69e98a68851268227f8e9cb
- SHA256
  
  5f11c613c5875c650c11c493a74971d0f741ac890951beca90e38e8c397ca959
- SHA512
  
  38b295023ebbef499a18144dadfea8d9f10cb877c2b88f96083eba64eb1f3fde7340a5310d47c6ad2c320e8217c3fbf69b3176a5b85a9b356e8c8fca93c93e16
- SSDEEP
  
  6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+e:2uWP/BZUyoLu8Agsmxwrvejkd2
Score

10^/10

rhadamanthys discovery stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
behavioral1 behavioral2
- Target
  
  ProjectXOX/irmfmodulewin32.dll
- Size
  
  5.7MB
- MD5
  
  95237c7ee892cd8d870bdbcb6ff6494f
- SHA1
  
  a4cc8eec90817e8db71d55a2081734c9770dab0e
- SHA256
  
  abe33933840112c5e42fdd44d8a82e0449f438d56672383ac75987a1e4a97c64
- SHA512
  
  996dba739bb0dc706bcaee0db3da32e44d3f7f803fa55c949e1978695b0966abc9405b5bba18c6795e09f2e71cee90cb0ee5e68d0df0cf2b5b850af6801bc0ad
- SSDEEP
  
  98304:Gpmkl7uAEuvs0UFD5VyU66URkLC8Ct81Eae1JqI3YL8SFlWC2nCArWQY14XJcvwz:ul7rEuXUlBikLC8Cy1Eae1JqI3YL8Spq
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ProjectXOX/platforms/qwindows.dll
- Size
  
  1.4MB
- MD5
  
  2d08d996a453c97af0a94cf490015f1f
- SHA1
  
  082ba4e232b53ced8d5672dfcf3e051573049d3b
- SHA256
  
  02b794c8b4158c258ad0c3d8ff69ba30bffe244d2239d07122f8bcddf42215ed
- SHA512
  
  4102039aa8602b32222456572288f64f09c2a7e9b7eff50f85d2d82c497120a58e39aaeedfade3248787abfca6815478dce8d8a64285f0077a35da317244dc7a
- SSDEEP
  
  24576:F6YD7Po3twR8Git2eZalxSsF1fAPLJEZxB7BA:AYPPo3CRotmlxSsQPLJEA
Score

1^/10
behavioral5 behavioral6
- Target
  
  ProjectXOX/updater/bdfilters.dll
- Size
  
  4.1MB
- MD5
  
  ed730387fdcd684b756601b863c47417
- SHA1
  
  c49ed6d0d46facf4ceaeb21f5d6bfdf9e3587fde
- SHA256
  
  9cbc29696ad2d582e251bf9c4be5cce618753fa43551d2474e1ae5cc5e1245e5
- SHA512
  
  e32df727799d33922c6e92f94a7bdb0bc2772d6a6636d15e285d94d3ae4661062e5bc89ec3546b76ec853398f88d972f461327ef687f89093acf1096560d5c3f
- SSDEEP
  
  98304:Xl4qYuQxqYfHYosUiJovT7DBmmhjSF5og3Vk9O0KChvvvveo:XuqYuQxqYfHYosUiJoviVKvvvvJ
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  ProjectXOX/updater/libcurl.dll
- Size
  
  532KB
- MD5
  
  8da7e810e0f12b16fe6087aadda7a69c
- SHA1
  
  e76539074da170bf52a9cc06863ff8cb498c76e6
- SHA256
  
  79f567797066f6206ea870ffda11cf92612aea0ee3a26582be38ddd0fd51fa53
- SHA512
  
  7d9d40e501c9128cb81af785091aaca60b8b92af57a69f1f498bd810431e3521f9431161f8c3e4061b7e0ba2c3dfc8034e66bc4c05f5e39941623b04d367775d
- SSDEEP
  
  6144:y6NI7/hgoJrPOkFVuW6ZoiPPnk/9AAQIPGBxTShA9ZvT6QKob6LHywHFE1P+wTt4:u/ZhPxVOdk/4IPETvzhHuzE1P+wTt4
Score

1^/10
behavioral10 behavioral9
- Target
  
  ProjectXOX/x86/QtCore4.dll
- Size
  
  2.7MB
- MD5
  
  be3317d66646acc0bcb5dda1198db9b5
- SHA1
  
  bde91229d26afe7861db4522dcfa8e1b6fa68a84
- SHA256
  
  bc097cc75e9d0771cedeb46efae5e574d0fb5b9cf22750504f817a3590af0541
- SHA512
  
  fd6aaf3383dc3e67635c24826a43ee03abc5d6ffd07a9214939f9fa5047eafc8b0d3e0083a3a633dcc80f1c395b66362d1800860c9575bfd4004f18573840978
- SSDEEP
  
  49152:oxbwz+A9MHaJVHOsbbWOWXzzULQoAnqagHWL1hp0UnxGJsv6tWKFdu9ChTTLyvLm:4bwz+n6JVHNbb1WDnvgHWL1hp0UnxGJ/
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  ProjectXOX/x86/libgcc_s_dw2-1.dll
- Size
  
  42KB
- MD5
  
  c4b4409f186da70fcf2bcc60d5f05489
- SHA1
  
  056663c9fd2851cd64f39d882f6758e7a987bd42
- SHA256
  
  b35f2a8f4c8f1833f3cdec20739c58e295758ce22021d03d4335043148bd7610
- SHA512
  
  cdcb945a82a0304e4d7cfc9ae9d7e5a5e81d4e3025e982494c87c283f6fac542181e9e1e3028456b9b0b5b6279990cb3e1a50f9df0f6e707c70fa0e23c7a808c
- SSDEEP
  
  768:sZ1l+WCdhTcpKn+CwZoyf/dadEU9mRWtyTN:41l+WGhIKn+CQ7EyW0TN
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  ProjectXOX/x86/mingwm10.dll
- Size
  
  11KB
- MD5
  
  dbda60d92e774b4acb3b1cd71f909426
- SHA1
  
  66bfe06a16025f574323a0ce64dcc7c8216eb56c
- SHA256
  
  56a59dae638d9bb45ce729a5d6fdfb0ecbe88b37047e4d6d20dbdef1fc90bd72
- SHA512
  
  993a1f4af21cd5e13c3b8059cf483b10a58beb0d1777703ea07e9dcb5e7f681fa774e770abe9b6b4ca66b348997da0218d0ff67f18fcca1b3ca1ece2551d965a
- SSDEEP
  
  96:ahfuHOIHxyOPLrHU4D+wdzpHvqsKZKnKTBKVhKRHK2FoSK8KcfK5uKxGKlJKHItQ:iuHOIE8rHI6RJyLTR24GEv
Score

3^/10

discovery
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect rhadamanthys stealer shellcode

Rhadamanthys family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16