rhadamanthys

General

Target

LockBitRW.rar
Size

2.6MB
Sample

241205-r1m3haynct
MD5

cff570c34e99218bd2ae7454234082e3
SHA1

7037992c0d898866ee344eb0a8f36b99d3603ea2
SHA256

9ad0324340223dbe0dd10e61f2b497be6013b8840b5fda015e4c7296270d2122
SHA512

22d6ea113e56707450995c5025467def6a91e4efae5f9d1b719cbe5eb9c6d499d693a40e14f4f65a685c98edff45a50fb9b5f4e80c2238bf7fa53308e2226613
SSDEEP

49152:REmempzmEmeJS6+KWxxeEiqTwoGbC8aASHi8nNzFjVUWkEm3Q7iC3uEsTEmu:/eUUeINGokC8FH8NZjveg753Rslu

Score

10^/10

Malware Config

Extracted

Family

rhadamanthys

C2

https://195.3.223.126:4287/9d0dc091285eb9fbf2e/o8f3c8oj.8rdif

Targets

- Target
  
  LockBitRW.rar
- Size
  
  2.6MB
- MD5
  
  cff570c34e99218bd2ae7454234082e3
- SHA1
  
  7037992c0d898866ee344eb0a8f36b99d3603ea2
- SHA256
  
  9ad0324340223dbe0dd10e61f2b497be6013b8840b5fda015e4c7296270d2122
- SHA512
  
  22d6ea113e56707450995c5025467def6a91e4efae5f9d1b719cbe5eb9c6d499d693a40e14f4f65a685c98edff45a50fb9b5f4e80c2238bf7fa53308e2226613
- SSDEEP
  
  49152:REmempzmEmeJS6+KWxxeEiqTwoGbC8aASHi8nNzFjVUWkEm3Q7iC3uEsTEmu:/eUUeINGokC8FH8NZjveg753Rslu
Score

10^/10

rhadamanthys discovery stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Executes dropped EXE
behavioral1
- Target
  
  Debug/decryptor.exe
- Size
  
  456KB
- MD5
  
  515a0c8be21a5ba836e5687fc2d73333
- SHA1
  
  c52be9d0d37ac1b8d6bc09860e68e9e0615255ab
- SHA256
  
  9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae
- SHA512
  
  4e2bd7ce844bba25aff12e2607c4281b59f7579b9407139ef6136ef09282c7afac1c702adebc42f8bd7703fac047fd8b5add34df334bfc04d3518ea483225522
- SSDEEP
  
  6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+V:2uWP/BZUyoLu8Agsmxwrvejkd2
Score

10^/10

rhadamanthys discovery stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
behavioral2
- Target
  
  Release/decryptor.exe
- Size
  
  456KB
- MD5
  
  515a0c8be21a5ba836e5687fc2d73333
- SHA1
  
  c52be9d0d37ac1b8d6bc09860e68e9e0615255ab
- SHA256
  
  9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae
- SHA512
  
  4e2bd7ce844bba25aff12e2607c4281b59f7579b9407139ef6136ef09282c7afac1c702adebc42f8bd7703fac047fd8b5add34df334bfc04d3518ea483225522
- SSDEEP
  
  6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+V:2uWP/BZUyoLu8Agsmxwrvejkd2
Score

10^/10

rhadamanthys discovery stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
behavioral3
- Target
  
  builder.exe
- Size
  
  456KB
- MD5
  
  515a0c8be21a5ba836e5687fc2d73333
- SHA1
  
  c52be9d0d37ac1b8d6bc09860e68e9e0615255ab
- SHA256
  
  9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae
- SHA512
  
  4e2bd7ce844bba25aff12e2607c4281b59f7579b9407139ef6136ef09282c7afac1c702adebc42f8bd7703fac047fd8b5add34df334bfc04d3518ea483225522
- SSDEEP
  
  6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+V:2uWP/BZUyoLu8Agsmxwrvejkd2
Score

10^/10

rhadamanthys discovery stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
behavioral4
- Target
  
  decryptor/decryptor.exe
- Size
  
  456KB
- MD5
  
  515a0c8be21a5ba836e5687fc2d73333
- SHA1
  
  c52be9d0d37ac1b8d6bc09860e68e9e0615255ab
- SHA256
  
  9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae
- SHA512
  
  4e2bd7ce844bba25aff12e2607c4281b59f7579b9407139ef6136ef09282c7afac1c702adebc42f8bd7703fac047fd8b5add34df334bfc04d3518ea483225522
- SSDEEP
  
  6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+V:2uWP/BZUyoLu8Agsmxwrvejkd2
Score

10^/10

rhadamanthys discovery stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect rhadamanthys stealer shellcode

Rhadamanthys family

Executes dropped EXE

Detect rhadamanthys stealer shellcode

Rhadamanthys

Rhadamanthys family

Detect rhadamanthys stealer shellcode

Rhadamanthys

Rhadamanthys family

Detect rhadamanthys stealer shellcode

Rhadamanthys

Rhadamanthys family

Detect rhadamanthys stealer shellcode

Rhadamanthys

Rhadamanthys family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5