rhadamanthys | d4e07d9cc1eaa08e84d2679f89829a4e8dec000b6ad1c793c3500df77f746b69 | Triage

Sharing

General

Target

D4E07D9CC1EAA08E84D2679F89829A4E8DEC000B6AD1C793C3500DF77F746B69
Size

78.7MB
Sample

241220-c7p34sxkey
MD5

d83a4f163a9a76a81dabcb7123df01d5
SHA1

765d934964ce4d11bf37d662083d497f4fd685fe
SHA256

d4e07d9cc1eaa08e84d2679f89829a4e8dec000b6ad1c793c3500df77f746b69
SHA512

758a2fadbf033c54584ab7affd2a7291ec86a43da1b0b0c0d85a10df595643799e9c8796c3abb0e2262212ab5051f1ae8894b8fd0039710e8bce4d1da749b85c
SSDEEP

1572864:gIP31m/9JRLQwY9FhWYeWmetINN6Hy/S5PQtOACiK1IHAdoI:TNoRLQwY9F+NrkFYup

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Targets

- Target
  
  D4E07D9CC1EAA08E84D2679F89829A4E8DEC000B6AD1C793C3500DF77F746B69
- Size
  
  78.7MB
- MD5
  
  d83a4f163a9a76a81dabcb7123df01d5
- SHA1
  
  765d934964ce4d11bf37d662083d497f4fd685fe
- SHA256
  
  d4e07d9cc1eaa08e84d2679f89829a4e8dec000b6ad1c793c3500df77f746b69
- SHA512
  
  758a2fadbf033c54584ab7affd2a7291ec86a43da1b0b0c0d85a10df595643799e9c8796c3abb0e2262212ab5051f1ae8894b8fd0039710e8bce4d1da749b85c
- SSDEEP
  
  1572864:gIP31m/9JRLQwY9FhWYeWmetINN6Hy/S5PQtOACiK1IHAdoI:TNoRLQwY9F+NrkFYup
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer