rhadamanthys | 940d0e9a9879f1454432a8a11a4f34d2f632b0229067a7a5d3371d315af0d752 | Triage

Submit
Reports

Overview

overview

Static

static

1

New V1.0.1.exe

windows7-x64

New V1.0.1.exe

windows10-2004-x64

Sharing

General

Target

New V1.0.1.exe
Size

1.2MB
Sample

250131-zs8cgayqcj
MD5

ad290b652fa45465b8b87fe80de65a30
SHA1

169f51bef8092c6ca211e97de741c61cd5961345
SHA256

940d0e9a9879f1454432a8a11a4f34d2f632b0229067a7a5d3371d315af0d752
SHA512

4b1d5791c2d5cff1ee7c974a1e2a74500c2c2ad611533c440610f4b65fc7309d1a848f17a67f5d414bdf3eca23fbcd96ca2ec4e79a6608206ba26682164041c8
SSDEEP

24576:4dvoA4syS9NDce76ZSFivPtCm//rJwOiHxWPOzTEDRcc+UH7h3HsXMncRv:Wz79NDr6kivVCGJwPRWP2EKc+UbdM3d

Score

10^/10

rhadamanthys discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

New V1.0.1.exe

Resource

win7-20240903-en

rhadamanthys discovery stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

New V1.0.1.exe

Resource

win10v2004-20250129-en

rhadamanthys discovery stealer

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  New V1.0.1.exe
- Size
  
  1.2MB
- MD5
  
  ad290b652fa45465b8b87fe80de65a30
- SHA1
  
  169f51bef8092c6ca211e97de741c61cd5961345
- SHA256
  
  940d0e9a9879f1454432a8a11a4f34d2f632b0229067a7a5d3371d315af0d752
- SHA512
  
  4b1d5791c2d5cff1ee7c974a1e2a74500c2c2ad611533c440610f4b65fc7309d1a848f17a67f5d414bdf3eca23fbcd96ca2ec4e79a6608206ba26682164041c8
- SSDEEP
  
  24576:4dvoA4syS9NDce76ZSFivPtCm//rJwOiHxWPOzTEDRcc+UH7h3HsXMncRv:Wz79NDr6kivVCGJwPRWP2EKc+UbdM3d
Score

10^/10

rhadamanthys discovery stealer
- Detects Rhadamanthys payload
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Enumerates processes with tasklist
  discovery
- Probable phishing domain
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer

© 2018-2025

Terms | Privacy