rhadamanthys | d0313163bca71a49c6714dbb00fbdb795d455d04d156e50e424c2adedc1437d0 | Triage

Submit
Reports

Overview

overview

Static

static

d0313163bc...d0.exe

windows10-2004-x64

Resubmissions

27-11-2024 09:58

241127-lzvhasvqek 10

04-06-2023 06:36

230604-hdan8abh9s 10

Sharing

General

Target

d0313163bca71a49c6714dbb00fbdb795d455d04d156e50e424c2adedc1437d0
Size

444KB
Sample

241127-lzvhasvqek
MD5

b76f5c48eba8424f23d9a8dcfd2068ac
SHA1

630280826caaeb26042aac416de5cb638bb1086c
SHA256

d0313163bca71a49c6714dbb00fbdb795d455d04d156e50e424c2adedc1437d0
SHA512

ddfd62ee99dfa138fd2ae4d2d0c272cc99f7f7d8dfde1de027ef34e1558a92ed045ec76f3f5b3417d0ff80cb0478328c6cff9c6ea8ce588cf1a64fa7e1271e3e
SSDEEP

6144:IjKvnAzRPqkroWkScrTIhB1uA2dOJhhgWbMbitWGFNuldsfiy3NiGA:Ijzgk0TSoIuA6ahE+F0/y36

Score

10^/10

rhadamanthys discovery stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d0313163bca71a49c6714dbb00fbdb795d455d04d156e50e424c2adedc1437d0.exe

Resource

win10v2004-20241007-en

rhadamanthys discovery stealer

windows10-2004-x64

7 signatures

30 seconds

Malware Config

Extracted

Family

rhadamanthys

C2

https://141.98.6.78:2205/a395d5716e6cc/mope1.api

Targets

- Target
  
  d0313163bca71a49c6714dbb00fbdb795d455d04d156e50e424c2adedc1437d0
- Size
  
  444KB
- MD5
  
  b76f5c48eba8424f23d9a8dcfd2068ac
- SHA1
  
  630280826caaeb26042aac416de5cb638bb1086c
- SHA256
  
  d0313163bca71a49c6714dbb00fbdb795d455d04d156e50e424c2adedc1437d0
- SHA512
  
  ddfd62ee99dfa138fd2ae4d2d0c272cc99f7f7d8dfde1de027ef34e1558a92ed045ec76f3f5b3417d0ff80cb0478328c6cff9c6ea8ce588cf1a64fa7e1271e3e
- SSDEEP
  
  6144:IjKvnAzRPqkroWkScrTIhB1uA2dOJhhgWbMbitWGFNuldsfiy3NiGA:Ijzgk0TSoIuA6ahE+F0/y36
Score

10^/10

rhadamanthys discovery stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

© 2018-2024

Terms | Privacy