rhadamanthys | 946a2052d912c6e80542bf98460f81c9ebf59580bd64e5635cf819294172721c | Triage

Sharing

General

Target

20772208339_zip_48ede0e3a4e2b696205f639bb5f826825d.zip
Size

4.4MB
Sample

250116-r1vscawkbp
MD5

95bd6fb1454ec87c9240be104dbfe3f4
SHA1

089417f71ff50878e7b93918351dcef36c0c96df
SHA256

946a2052d912c6e80542bf98460f81c9ebf59580bd64e5635cf819294172721c
SHA512

e30bb9776a38bb3f6db3c0a6297fd59aa209ed13a9f153385c43e1e8f81690be40850d73ed87986881f5456b2ced9364a46ff38b2f5e0dfa25224789673001c9
SSDEEP

98304:j5dMBF5V+KLBthz+zjKwWTEIoTHrTt/+b+3WPxUWoDk10:ABFvDrhz+UYIyTt/x3mxUJf

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://185.196.11.237:9697/f002171ab05c7/73434jqg.jxviu

Targets

- Target
  
  48ede0e3a4e2b696205f639bb5f826825d83f587c5b86d5b6fea31ef5ae4e1dc
- Size
  
  4.4MB
- MD5
  
  03138e3ecc2df5643bfb9dc41722d6cf
- SHA1
  
  d8d52a348adb94ef66a285e976876396dcde0634
- SHA256
  
  48ede0e3a4e2b696205f639bb5f826825d83f587c5b86d5b6fea31ef5ae4e1dc
- SHA512
  
  c53f09588fe9fd7bd5328140f0b235686b36be30fa09a430015fa319c1e3dbb20ab58e84ec4ed7515c39c1168e316d808a744875ac3f375c443786a9b584f6f1
- SSDEEP
  
  98304:bRREt9wfqoBlDYLY+vn+yDmRTuoV86pp1nBaa6oEDAuviRP:NRMwyegtDmdpVFJnjMMP
Score

7^/10
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  contactsUX.dll
- Size
  
  331KB
- MD5
  
  54ee6a204238313dc6aca21c7e036c17
- SHA1
  
  531fd1c18e2e4984c72334eb56af78a1048da6c7
- SHA256
  
  0abf68b8409046a1555d48ac506fd26fda4b29d8d61e07bc412a4e21de2782fd
- SHA512
  
  19a2e371712aab54b75059d39a9aea6e7de2eb69b3ffc0332e60df617ebb9de61571b2ca722cddb75c9cbc79f8200d03f73539f21f69366eae3c7641731c7820
- SSDEEP
  
  6144:zLU98dTLLPTtdO37tzHzjRzPSzHKBJupBzC8vAocIGhL99WP+gDjX5oOyOta3H/C:P9PLrtShzHzjRMcQpsSCTO2H/Kj
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  msidcrl40.dll
- Size
  
  784KB
- MD5
  
  f1f8d156bbdd5945a4f933ac7fa7cc41
- SHA1
  
  e581235e9f1a3a8a63b8a470eaed882bc93b9085
- SHA256
  
  344ac8e5debb1a496c3648f941801cdc6ffdfcc7eef8ed38e62270a2e20b1c3a
- SHA512
  
  86d799af3be251edecf6a552f473b94a0ba2d738b7b5f4a84c31bb34db4ea458f5e50090370bdf82f945e684dd5d66b88ebe3c902305bb0a435aca1331cb4ad9
- SSDEEP
  
  12288:oqjIhzdNvajtjz38HkZIbKnxPGlJsk7aMCr0:oqjIhzdNvkjGKe1q
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  msn.exe
- Size
  
  5.5MB
- MD5
  
  537915708fe4e81e18e99d5104b353ed
- SHA1
  
  128ddb7096e5b748c72dc13f55b593d8d20aa3fb
- SHA256
  
  6dc7275f2143d1de0ca66c487b0f2ebff3d4c6a79684f03b9619bf23143ecf74
- SHA512
  
  9ceaaf7aa5889be9f5606646403133782d004b9d78ef83d7007dfce67c0f4f688d7931aebc74f1fc30aac2f1dd6281bdadfb52bc3ea46aca33b334adb4067ae2
- SSDEEP
  
  49152:ERUl697ngPTrho9J8kgdjbHNZ5PP/Re5m3mxVN6KEp0v7J7k66ZRkQTXw+sljVop:uAXqnhON8m3mzNHTdw6YSX+sleu5y
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral7 behavioral8
- Target
  
  msncore.dll
- Size
  
  991KB
- MD5
  
  deaa38a71c85d2f9d4ba71343d1603da
- SHA1
  
  bdbb492512cee480794e761d1bea718db14013ec
- SHA256
  
  1dc120f34b294e964eee949c4d1ebd9c271715d46b38ae082fec2f1d505e8d65
- SHA512
  
  87b152b642a020e07ad46e9ed5b4a462c12cf0918f82025c230f662eddb3bf4b2d3aa15ca770970beae5988dd5d5d9b7bcaf7a77c6d2f3acf6d12826f3a9ead7
- SSDEEP
  
  12288:8I4v4jlJ3DBct3wTjlnkwMREiE0ICrNwfSTLRVDRAotTLkWg98JWfK:83t3wVkwmE9FCrN+STVV9AotTLkIJWfK
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  msvcr80.dll
- Size
  
  612KB
- MD5
  
  43143abb001d4211fab627c136124a44
- SHA1
  
  edb99760ae04bfe68aaacf34eb0287a3c10ec885
- SHA256
  
  cb8928ff2faf2921b1eddc267dce1bb64e6fee4d15b68cd32588e0f3be116b03
- SHA512
  
  ced96ca5d1e2573dbf21875cf98a8fcb86b5bcdca4c041680a9cb87374378e04835f02ab569d5243608c68feb2e9b30ffe39feb598f5081261a57d1ce97556a6
- SSDEEP
  
  12288:mxzh9hH5RVKTp0G+vFhr46CI600yZmGyYG:mph9hHzVKOpt6MmGyY
Score

3^/10

discovery
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

rhadamanthysdiscoverystealer

behavioral8

rhadamanthysdiscoverystealer

behavioral9

behavioral10

behavioral11

behavioral12