rhadamanthys | daf5aa71d4cdbcc118abaa713a6c2140af1bbe6f6dba1fb79869bcb8563959f8 | Triage

Sharing

General

Target

Proverelativeallaviolazionedeidirittidipropriet.zip
Size

18.2MB
Sample

250203-r8nzrstqav
MD5

7d8e76c088c7d6f3e7c812c68597b0cd
SHA1

b88ddf332de6b372448bfce9d47d6aa8a350d2b6
SHA256

daf5aa71d4cdbcc118abaa713a6c2140af1bbe6f6dba1fb79869bcb8563959f8
SHA512

6f1e26e01c9e7a307f6a28fa44cbabb0aaa1e4877c0f580a42c008db7bdbd6aca0207b38ab4238eb75bf803b9d63fe933ae38b6be37eeb25add421cf18eccce9
SSDEEP

393216:+W63TYl21ioTU9DU+UHBOWYrgoXhT5Jv60dliOnQZ7hZzyFI/Euq8uz4:V2LESR+hTv/l9AhZcvz4

Score

10^/10

rhadamanthys discovery persistence stealer

Malware Config

Targets

- Target
  
  Prove relative alla violazione dei diritti di proprietà.exe
- Size
  
  6.1MB
- MD5
  
  4864a55cff27f686023456a22371e790
- SHA1
  
  6ed30c0371fe167d38411bfa6d720fcdcacc4f4c
- SHA256
  
  08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2
- SHA512
  
  4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb
- SSDEEP
  
  98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz
Score

10^/10

rhadamanthys discovery persistence stealer
- Detects Rhadamanthys payload
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  msimg32.dll
- Size
  
  32.0MB
- MD5
  
  cb4e9e216d60f78b77561660b8225cbf
- SHA1
  
  e5934f0a0b3a59767a5177e1e6d141079d62d84b
- SHA256
  
  b234f0449e2e998879a11deb0937d7279d28b832348aa9f5c0e911a2dfe3847e
- SHA512
  
  6384f9006f7b54aad9c29547592749f061339b66de4eeb89b18f654e29fa5e53fc613a57a4e1acd649a60d6606d6414e8550fb852bacba7ae6bc6f71dfdacc25
- SSDEEP
  
  786432:Fq5Rusc3c6dAa2IRDjltGZA0m1QXN0VSwP+Nf9uDKcaNLuFy1j7Luo/hX+KdMNDn:Fq5Rusc3c6dAa2IRDjltGZA0m1QXN0V1
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverypersistencestealer

behavioral2

rhadamanthysdiscoverypersistencestealer

behavioral3

behavioral4