rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

XWorm.rar
Size

3.8MB
Sample

241214-2cjehsxqfm
MD5

72ed99d6168329b94021eaf282af0552
SHA1

0be0ad479efa7b5d3021b06ab5f6b71f858ba08f
SHA256

463eb31b863993ffc7ebd1e67a593c0fc01bfcef367a988191926facfb93d93a
SHA512

b11c5657389e8e6f5af5bdbef2b22daef62e26484117c9a30de184a63980e6108cd804e43db7494f24057eaeec32ced7ab5ebd6f7aedb6467a207a209a2bd2a7
SSDEEP

98304:AdRaDzmLW/nQDItjvhd8cMOBmYS1svAJFFa6XmeuwSqUjGMtokcqh:AAearjJd8vNYNQFzEvBVtoFqh

Score

10^/10

Malware Config

Extracted

Family

rhadamanthys

https://195.3.223.126:4287/9d0dc091285eb9fbf2e/o8f3c8oj.8rdif

Targets

- Target
  
  XWorm.rar
- Size
  
  3.8MB
- MD5
  
  72ed99d6168329b94021eaf282af0552
- SHA1
  
  0be0ad479efa7b5d3021b06ab5f6b71f858ba08f
- SHA256
  
  463eb31b863993ffc7ebd1e67a593c0fc01bfcef367a988191926facfb93d93a
- SHA512
  
  b11c5657389e8e6f5af5bdbef2b22daef62e26484117c9a30de184a63980e6108cd804e43db7494f24057eaeec32ced7ab5ebd6f7aedb6467a207a209a2bd2a7
- SSDEEP
  
  98304:AdRaDzmLW/nQDItjvhd8cMOBmYS1svAJFFa6XmeuwSqUjGMtokcqh:AAearjJd8vNYNQFzEvBVtoFqh
Score

10^/10

rhadamanthys discovery stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  ComponentFactory.Krypton.Toolkit.dll
- Size
  
  2.8MB
- MD5
  
  129884de0e136521fd650c59b2633e82
- SHA1
  
  43fea10a62670568c00a2910c3ee6fc1ceaa1bdc
- SHA256
  
  8c69f5df110bc1a61bdc3d8754ebfd3f49d9d995b9dd129accaf88371ce71e30
- SHA512
  
  fbd40a8dd172449de46cecc08cdc2078409e5d893426364630c974903499c617f8cca2f4fd52cf030a835a376e140daf113a6d385027a9e2ede289ba32c8da43
- SSDEEP
  
  24576:9aA+gKf9mE6kWF2IaltkdgZUfoOJtMl6X1ZTJxf9VqY7djlb1IqdGsUfSYqsyb:UIaltkdgqHJtMl6XD7h7Nh1ImYqsy
Score

1^/10
behavioral3 behavioral4
- Target
  
  ComponentFactory.Krypton.Toolkit.pdb
- Size
  
  6.6MB
- MD5
  
  5a3085fdd24c102f3d466ac92b8aaa17
- SHA1
  
  c0eaaa892b3af3133c0dc0d20d96055817442260
- SHA256
  
  5d48ad683e71d8a28f8b0f75952ddcfac127850fae74f2fdff500278e6a66a4c
- SHA512
  
  dd20f74f9b74c4a7b03f96e969d764ccc6df33a772d34e0b7b4aea3d4913a8fee8b360ccdd51be57ceec414f13060c70c33419d75af95fc768b1632d6e8264ef
- SSDEEP
  
  24576:xmMS2ySy5WenpDs/rUlFftAzngc5p66hNepJ6i2lA2Nc/YpvNyUV:NFOpJIJ9yG
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  D3DX9_43.dll
- Size
  
  2.3MB
- MD5
  
  7160fc226391c0b50c85571fa1a546e5
- SHA1
  
  2bf450850a522a09e8d1ce0f1e443d86d934f4ad
- SHA256
  
  84b900dbd7fa978d6e0caee26fc54f2f61d92c9c75d10b35f00e3e82cd1d67b4
- SHA512
  
  dfab0eaab8c40fb80369e150cd36ff2224f3a6baf713044f47182961cd501fe4222007f9a93753ac757f64513c707c68a5cf4ae914e23fecaa4656a68df8349b
- SSDEEP
  
  49152:dbCJsk4VlPXA+15Om5wxw9Qsi55K+31BhZ64nW:YIIBnW
Score

1^/10
behavioral7 behavioral8
- Target
  
  Krypton.Toolkit.dll
- Size
  
  4.3MB
- MD5
  
  068b4f05eb35479a419bc55da643781e
- SHA1
  
  1d0fe6bb23bbd63dc6d4248f7c17afcf4bc16dea
- SHA256
  
  477ebd61ce116c6908a1cd1e50bc93869f6f7b9c3e0e5757551e6dd2a01b4648
- SHA512
  
  f9022c7d91364519f5b773fd641741637f89a4f4f8eb1406d1c594e0a286724cea7494fb047e810bbed0579b6870db49a6828b1c79808e4554d762f326a87dcc
- SSDEEP
  
  49152:tmB08naO5IDdOBQNJxtk7ryrDdkny3y+sUFdRcRkMb2J:Mu8naO5oj9k7rODdlmHOMbO
Score

1^/10
behavioral10 behavioral9
- Target
  
  Mono.Cecil.dll
- Size
  
  277KB
- MD5
  
  8df4d6b5dc1629fcefcdc20210a88eac
- SHA1
  
  16c661757ad90eb84228aa3487db11a2eac6fe64
- SHA256
  
  3e4288b32006fe8499b43a7f605bb7337931847a0aa79a33217a1d6d1a6c397e
- SHA512
  
  874b4987865588efb806a283b0e785fd24e8b1562026edd43050e150bce6c883134f3c8ad0f8c107b0fb1b26fce6ddcc7e344a5f55c3788dac35035b13d15174
- SSDEEP
  
  6144:iYOMWAEq+PAEwGQ9Xivs0s4EtS1Fv8jnLKdFvkPo2:AG+PpjQSHv8jA
Score

1^/10
behavioral11 behavioral12
- Target
  
  Mono.Nat.dll
- Size
  
  40KB
- MD5
  
  bf929442b12d4b5f9906b29834bf7db1
- SHA1
  
  810a2b3c8e548d1df931538bc304cc1405f7a32b
- SHA256
  
  b33435ac7cdefcf7c2adf96738c762a95414eb7a4967ef6b88dcda14d58bfee0
- SHA512
  
  9fcfaf48bfe5455a466e666bafa59a7348a736368daa892333cefa0cac22bcef3255f9cee24a70ed96011b73abea8e5d3dbf24876cffa81e0b532df41dd81828
- SSDEEP
  
  768:yoVesKx0V2LpibQJxoKUDHj560aSX3zlJAO:lVespQibC+H56k3fF
Score

1^/10
behavioral13 behavioral14
- Target
  
  VMProtectSDK64.lib
- Size
  
  7KB
- MD5
  
  f8fb5674b416f5f1a8bb4c94d60817c6
- SHA1
  
  56092d5cc15023eda121de5ff1aab47e32bc9a11
- SHA256
  
  c8c4c4d824b42ff38b05bd9f8f3781a63b9318baef087e4e9cf694ac4844a20d
- SHA512
  
  6e37daba16c47d89766665d0b1e7617878cd4e0e2abd0638e5ca3e9366740af0822a05c3fa62d0f60064a9bad4031f8b7e14d6ae5b4570f8326834ef5aa45920
- SSDEEP
  
  48:XrZ5/k5RLRzRCRXB6cI15A3Xy/F/CRcRj15T1tRLRyIBrJaFX43KXyAO4YMKUQl+:bjkqBw1xrR3KxKdKJ0DnBRU/rR
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Vestris.ResourceLib.dll
- Size
  
  76KB
- MD5
  
  64e9cb25aeefeeba3bb579fb1a5559bc
- SHA1
  
  e719f80fcbd952609475f3d4a42aa578b2034624
- SHA256
  
  34cab594ce9c9af8e12a6923fc16468f5b87e168777db4be2f04db883c1db993
- SHA512
  
  b21cd93f010b345b09b771d24b2e5eeed3b73a82fc16badafea7f0324e39477b0d7033623923313d2de5513cb778428ae10161ae7fc0d6b00e446f8d89cf0f8c
- SSDEEP
  
  1536:5Z0R489PUoltCY19T7Uf5DYoRvtkA2MNmjYgGKeK9jXGYWs:L0R489PUeCy7Uf5pVCMwjVG/K9jp
Score

1^/10
behavioral17 behavioral18
- Target
  
  XWorm.config
- Size
  
  161B
- MD5
  
  c16b0746faa39818049fe38709a82c62
- SHA1
  
  3fa322fe6ed724b1bc4fd52795428a36b7b8c131
- SHA256
  
  d61bde901e7189cc97d45a1d4c4aa39d4c4de2b68419773ec774338506d659ad
- SHA512
  
  cbcba899a067f8dc32cfcbd1779a6982d25955de91e1e02cee8eaf684a01b0dee3642c2a954903720ff6086de5a082147209868c03665c89f814c6219be2df7c
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  XWorm.exe
- Size
  
  456KB
- MD5
  
  515a0c8be21a5ba836e5687fc2d73333
- SHA1
  
  c52be9d0d37ac1b8d6bc09860e68e9e0615255ab
- SHA256
  
  9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae
- SHA512
  
  4e2bd7ce844bba25aff12e2607c4281b59f7579b9407139ef6136ef09282c7afac1c702adebc42f8bd7703fac047fd8b5add34df334bfc04d3518ea483225522
- SSDEEP
  
  6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+V:2uWP/BZUyoLu8Agsmxwrvejkd2
Score

10^/10

rhadamanthys discovery stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
behavioral21 behavioral22
- Target
  
  imgui.ini
- Size
  
  129B
- MD5
  
  6a7578ca403fbf4a29eae1ea14190bef
- SHA1
  
  185048daacfab144bff41a3695670c38dc46fd6a
- SHA256
  
  bea859d15c0dbc0ef79b96c27dbfb538d648ab8090bba7b0885db57da10114dc
- SHA512
  
  f6e0a8ee2faea78f3019ae780d7d03a14d0534a269b6e53a7bcac9857bdbcce866efca62cb26d9151ea1dbb437404b2a0b79ad7f2bd96f82b4a55c447a5c7447
Score

1^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect rhadamanthys stealer shellcode

Rhadamanthys family

Executes dropped EXE

Detect rhadamanthys stealer shellcode

Rhadamanthys

Rhadamanthys family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24