rhadamanthys | 689c458a2eff97ed8bda994d4eb86bf4fb9d85fae59557fe2ef1f6b60963d677 | Triage

Submit
Reports

Overview

overview

Static

static

1

JaffaCakes...77.exe

windows7-x64

JaffaCakes...77.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_689c458a2eff97ed8bda994d4eb86bf4fb9d85fae59557fe2ef1f6b60963d677
Size

704.8MB
Sample

241222-wrdjxsvqbr
MD5

9cfe63d830e6f3821ffd5df71a76b268
SHA1

a267e0305fa9a90a0b3461ab4c002eace9bf9cb2
SHA256

689c458a2eff97ed8bda994d4eb86bf4fb9d85fae59557fe2ef1f6b60963d677
SHA512

8bd5cbf130f117d5c8b812206fb84f61d9adf7ea6e0871f091535348203939deb7746416d1d5b30206e73e8409705644d9914ba38e156f68aa4653da14ca9dc9
SSDEEP

49152:yfLu6Wexov67DXJJipU1FGDH8F9ClBX51aqBz0H/wBuLEpqd06GzZ1+WOg/m:ai6Txoi7DmpUOD87qXXWfwB6EpqHG8

Score

10^/10

rhadamanthys discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

JaffaCakes118_689c458a2eff97ed8bda994d4eb86bf4fb9d85fae59557fe2ef1f6b60963d677.exe

Resource

win7-20241010-en

rhadamanthys discovery stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_689c458a2eff97ed8bda994d4eb86bf4fb9d85fae59557fe2ef1f6b60963d677.exe

Resource

win10v2004-20241007-en

rhadamanthys discovery stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

rhadamanthys

C2

https://185.17.0.221:3709/96da56a338969138/umtlpn2m.hg4h8

Targets

- Target
  
  JaffaCakes118_689c458a2eff97ed8bda994d4eb86bf4fb9d85fae59557fe2ef1f6b60963d677
- Size
  
  704.8MB
- MD5
  
  9cfe63d830e6f3821ffd5df71a76b268
- SHA1
  
  a267e0305fa9a90a0b3461ab4c002eace9bf9cb2
- SHA256
  
  689c458a2eff97ed8bda994d4eb86bf4fb9d85fae59557fe2ef1f6b60963d677
- SHA512
  
  8bd5cbf130f117d5c8b812206fb84f61d9adf7ea6e0871f091535348203939deb7746416d1d5b30206e73e8409705644d9914ba38e156f68aa4653da14ca9dc9
- SSDEEP
  
  49152:yfLu6Wexov67DXJJipU1FGDH8F9ClBX51aqBz0H/wBuLEpqd06GzZ1+WOg/m:ai6Txoi7DmpUOD87qXXWfwB6EpqHG8
Score

10^/10

rhadamanthys discovery stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer

© 2018-2025

Terms | Privacy