rhadamanthys | a5bc3dc0c69ff4fafa4bc2a4cf06f5911a64cd8ee670046d3ee62716026ca5a5 | Triage

Sharing

General

Target

random.exe
Size

762KB
Sample

250122-rjd39s1lfl
MD5

1df12b67dbeaffa74bba4936ec4730c2
SHA1

4bb7c9af058f6b3701c7fc2afb37ea71c1a96b5d
SHA256

a5bc3dc0c69ff4fafa4bc2a4cf06f5911a64cd8ee670046d3ee62716026ca5a5
SHA512

c41b16813afebe2cff4fb818a58205ccee78dc5c90a9b94e50d96facfa38e57c5dcac32c9eb9068e3d68e8af7943c8edf3c8712d5551ae614f4142c2ba238a1d
SSDEEP

12288:OhTLoo2MYhal8iLMMX/g1jtiF4mPmBu7Iv5ou:OdLp2MYsrmwPSusF

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://185.184.26.10:4928/e4eb12414c95175ccfd/INSTALLS

Targets

- Target
  
  random.exe
- Size
  
  762KB
- MD5
  
  1df12b67dbeaffa74bba4936ec4730c2
- SHA1
  
  4bb7c9af058f6b3701c7fc2afb37ea71c1a96b5d
- SHA256
  
  a5bc3dc0c69ff4fafa4bc2a4cf06f5911a64cd8ee670046d3ee62716026ca5a5
- SHA512
  
  c41b16813afebe2cff4fb818a58205ccee78dc5c90a9b94e50d96facfa38e57c5dcac32c9eb9068e3d68e8af7943c8edf3c8712d5551ae614f4142c2ba238a1d
- SSDEEP
  
  12288:OhTLoo2MYhal8iLMMX/g1jtiF4mPmBu7Iv5ou:OdLp2MYsrmwPSusF
Score

10^/10

discovery rhadamanthys stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

rhadamanthysdiscoverystealer