rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

31jan_aciddd.zip
Size

11.3MB
Sample

250203-t3xqtsykcp
MD5

944b736d52d0b379c59f13f03901b80f
SHA1

fb6b11e6fc753c0a88210f2142712980f10c7fe5
SHA256

219e3b92a6e5c8a58c62eb4ca18fc3449edfa0e4c179b44f1630ee6fb211f335
SHA512

98b81cf4c451da32e6b8056bb31f44e9ce2fbbe5d96021706b6d6b1d2853f704641af08a6e6e7cc91008e9337ae653c0c5b9c88747be3890f2316e1f60d281bf
SSDEEP

196608:pljbfOTiHtxox8vREDnW0hYUSm6Qk5O86SFHM6ajxbJEfnQweairgvffxzaf6uNF:pBbmTCK04PZ0QtTSFJaj9SfTvrfxzaSw

Score

10^/10

Malware Config

Targets

- Target
  
  31jan_aciddd.zip
- Size
  
  11.3MB
- MD5
  
  944b736d52d0b379c59f13f03901b80f
- SHA1
  
  fb6b11e6fc753c0a88210f2142712980f10c7fe5
- SHA256
  
  219e3b92a6e5c8a58c62eb4ca18fc3449edfa0e4c179b44f1630ee6fb211f335
- SHA512
  
  98b81cf4c451da32e6b8056bb31f44e9ce2fbbe5d96021706b6d6b1d2853f704641af08a6e6e7cc91008e9337ae653c0c5b9c88747be3890f2316e1f60d281bf
- SSDEEP
  
  196608:pljbfOTiHtxox8vREDnW0hYUSm6Qk5O86SFHM6ajxbJEfnQweairgvffxzaf6uNF:pBbmTCK04PZ0QtTSFJaj9SfTvrfxzaSw
Score

1^/10
behavioral1 behavioral2
- Target
  
  acid_nopump31.zip
- Size
  
  11.3MB
- MD5
  
  52d8607e8c337a7615c5f0d5a2033d83
- SHA1
  
  be6dadbf13662167467a7b399464632e5e063044
- SHA256
  
  fc8e9eea218b154610968e5ec783066eec2fc56efbd24a211d524b8b26e75ff2
- SHA512
  
  ae6ee8e490551670c16d80a66464acb16ae462bb343291b799684fdc8a8efd6548cd4861b6154eb3ca82b86c1388d9f8b24634dab6f48136afe6c765a9e9dc2a
- SSDEEP
  
  196608:vljbfOTiHtxox8vREDnW0hYUSm6Qk5O86SFHM6ajxbJEfnQweairgvffxzaf6uNK:vBbmTCK04PZ0QtTSFJaj9SfTvrfxzaSV
Score

1^/10
behavioral3 behavioral4
- Target
  
  bin2local/[ex]acid1.exe
- Size
  
  1.2MB
- MD5
  
  a408f39cef6236f43de3038325c1797b
- SHA1
  
  856066d03ad7faae5dd60d8e9f641fa4fe623b63
- SHA256
  
  978de0f64b32068bd7891c870ca55615a9937b3b29b49a5d64dc54382919aca8
- SHA512
  
  7ed362d9ddfc10593fc64da4f6392cd7b21155da53ea147c22b6bb913bfc321280228e02b3fc8dc5c7f0c54b878d62acec2d92a4b8a07c1c137ecac938cef6bc
- SSDEEP
  
  24576:XBbHHLIXfiCWjNESzV01yB3nDk/5LPIV9hN+EeRmGBlCdXgr:xbVCAHJI/5LwrWvvCdXgr
Score

10^/10

rhadamanthys discovery stealer
- Detects Rhadamanthys payload
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral5 behavioral6
- Target
  
  $TEMP/Unavailable
- Size
  
  93KB
- MD5
  
  f6ddccbdb7aaca275748eadf80b2fe66
- SHA1
  
  6356ce4f6335842828054ce36c8394bc63ebfed9
- SHA256
  
  fcf9b09e22833b1169b273a448214f810a74a167e688dcfde69d7f9e11880f9c
- SHA512
  
  d7696e0f20c35716695ff6831d355eb7092315a6d48dd333ba29378021adbfcfa5b91185c0722d0fa6c046e028f6de20860b37e20bb90d86b9e7b97f8b2291d6
- SSDEEP
  
  1536:T9avo3IVTubQqcM/umuPUeM8wYcZtTIciaX+5mNHXKdHHJyGqDKjiMA43fNc:5co30sAUeM9Ztfu5SXKdHJ1qWjiMAL
Score

1^/10
behavioral7 behavioral8
- Target
  
  MoveChoice/Committed
- Size
  
  54KB
- MD5
  
  d821e2b63580f332cb6d40df591b9a88
- SHA1
  
  58e2aee88db82f7ca51de0f694e8ca554c33a8fd
- SHA256
  
  3d8d15cf8f108b86a0e3e5be964b7a6c349f6d3d85ba75c411fbcda264260ff6
- SHA512
  
  b5688915b250bd6e66c676d7accd18d73848ba9b13c8cfbae0c7a6314f58d4150bf9f6c9623a3f4923c3194228a11c2e76fafbf1fc835426ba74ab9f7ffb6763
- SSDEEP
  
  768:8DMhPEovwZAKH5w4OEq4UIwbq5u4c9uEfgFWl+4XNvVR2H2UBnumrj81jrsnBFro:8oh9wqb0Xf9G9uEfgFWl+Ku2cesEnXZ
Score

1^/10
behavioral10 behavioral9
- Target
  
  MoveChoice/Image
- Size
  
  476KB
- MD5
  
  a3fabda4922043f202636f030d91415e
- SHA1
  
  f52eef855c6315ee32b8fb5cbfd736cb6e30722a
- SHA256
  
  31f176dcafe6f44db0abb607d973ec122252ee106d3a8464ebf009ca320b9aa2
- SHA512
  
  4c9060901fa5da5b5e0ae07ee6b64be01e82024c11c34fad4dede9d42d06ef589a09cb7326b7ba1795367b52c8fd36a342195b95d4077205898b3379fddcaa92
- SSDEEP
  
  12288:qsk1YNIOth3pq8bMzRQnJR+06ODW+3DuxTOsh2:fk11mh53MNQnK0603DE9h2
Score

1^/10
behavioral11 behavioral12
- Target
  
  MusclesCumulative/Bye
- Size
  
  91KB
- MD5
  
  1be298591623ad6c0f50014a8903712f
- SHA1
  
  391d84b0a12cde6a2b87fd91e5474116288290ee
- SHA256
  
  4ba4d7636b0cad20db4dde3781d1645cfeba927f25f6cf18b05c19634d10b3c5
- SHA512
  
  3f6c5b626c19682ef7f3e3832ffeb8e6b37e1aecfbf3883ac27ece9ac3f7b212d4f023600b9d7165ed3f1329ba72d41d248db379d51927719b54f648d06e581c
- SSDEEP
  
  1536:hDHRa5Dcu1PN2UlI+8hCsduGVIC9niVMtIpWEBSKjaZJyj:hzkRl1F2UlIngstVICovSBPyj
Score

1^/10
behavioral13 behavioral14
- Target
  
  MusclesCumulative/Joke
- Size
  
  50KB
- MD5
  
  b23484479d2135b6faf5a8d5014a5e52
- SHA1
  
  6adadf32e1467bc3fc2ea0be6e08c1a0130d47f8
- SHA256
  
  b005d3f9a19520e67c403459540f7ec8a5769a1524418e5489197ffce71d58dd
- SHA512
  
  d618607b1bfeded9985b8a0d178be75f0cece042aee10eb830edc1d9e7c1fc721bd0268cb4d11840d2f374f97e4eed2161f91ecf46811fc1ccabf1c652d066db
- SSDEEP
  
  1536:zvtqIQnT2/eDJuC7KUXY5zVv4xbuZFFtMRGSYITbyn:zTQnT2/aY7ACZFFtMRIf
Score

1^/10
behavioral15 behavioral16
- Target
  
  MusclesCumulative/Knight
- Size
  
  86KB
- MD5
  
  70ca3f70c2cc90f14e411ba404b6b7d8
- SHA1
  
  b1f002106af154839697124d34aa48a010daddd8
- SHA256
  
  742a79c9c0e28592fb844f6d136b00b84c450fbd9668450bc13b78f5e6a0817f
- SHA512
  
  bb4a8f58d3405531a64f4c1bdd88040329206d27f308adafd7071a7ee222f8ada619da9e260195e0ee3a3e5ce368f0274bdebe7c3c6580ebd2e8d74018245219
- SSDEEP
  
  1536:zgqdMY3BQS0rvcMwsHsHKuXspOnLV/Uh/3f1bnNIQgd0OcGYrjiSgk2QQ0ttS:LMYajrcS1I9Lih3JNRg6OcGjK2u7S
Score

1^/10
behavioral17 behavioral18
- Target
  
  MusclesCumulative/Ur
- Size
  
  68KB
- MD5
  
  073dec9c18e04d43d37f4dde54056b2b
- SHA1
  
  77210dff5576bc81dc40d11d1fd255816c971525
- SHA256
  
  bfee0639fa4503a3fef6c894ab98ca194a26d79063468e36a47ac2f09ce615aa
- SHA512
  
  f04fd58cdd4779e5f435257273716d6c6ae82b839d13bf75e8a814647d72ffd57c64897b72aad93ff8aa7b84431446cb70a71c6483cc1f43d05109127384efaa
- SSDEEP
  
  1536:HGUBfvBwV1f8W4gvgBt+o5prEiuS0rHJERo80KtHEpqBImhP:mUhE1oBD5PeHJSZFtHP
Score

1^/10
behavioral19 behavioral20
- Target
  
  SuspensionShop/Proudly
- Size
  
  54KB
- MD5
  
  a34ae33a22b4911fa7d843998e50611a
- SHA1
  
  1d1361171769c4f0c9542d86af294fb61cd26d4c
- SHA256
  
  4a0b98dca7e234c9bd35e719936ad8661c0ed5487bf7b8279a4087eac70059d1
- SHA512
  
  d22b2b331400091a61d6a87aac0d34816f3f0f8ed80643d9a9232551300169e7a0bac1054d719008a39d06729237bdc9a7ece7d2d59468418489f2508cf12dea
- SSDEEP
  
  1536:c5c+xZiuteUHii8rg4WmfUwMn770FFCu6FPEoE2o:tqBIW8r4mfUw+770zCu8ExZ
Score

1^/10
behavioral21 behavioral22
- Target
  
  bin2local/bin/Caliburn.Micro.Platform.Core.dll
- Size
  
  24KB
- MD5
  
  2cf4d7145490233066ec102d84588aae
- SHA1
  
  2a0d611326802d348be2ff05d0bd285e060cda6e
- SHA256
  
  965524c9dec9b7bddeaa2cadf861b99a1dbd67365f127b0d915a78a71bffd977
- SHA512
  
  3e19b2951734d8717bba0d3e4d759d6139473d583554ea98ec0e4098d39ede581fa3a160437a1d16ccb65bfa638bb0665f0ad5ea3660a374c285e831f08f0dd6
- SSDEEP
  
  384:M+ngaSI86FOpNGf02aRtxC/XalFr0M0mBINyb8E9VF6IYiTPxjGIOym:M+gao0mZLlFrdqEpYiTPxxe
Score

1^/10
behavioral23 behavioral24
- Target
  
  bin2local/bin/Caliburn.Micro.Platform.dll
- Size
  
  91KB
- MD5
  
  0c2d782474cb1bcce5d13809f3d830d2
- SHA1
  
  3df461fc544757490a4268b46c9dbeda00858a54
- SHA256
  
  e2253ab3f6c0db3a2fb090cdeeb1801a28c95586da27f20d7f685076f761b666
- SHA512
  
  a3b0cd7bc38a3c3fd3570a20bb4f9394fb52652be36725944729a6c5c2a50c944ac6e9c49e39dbb67da29c9820ce366d370210d96dd863d003de7b78401d718b
- SSDEEP
  
  1536:EcKhocw6c8Jjy1WKOXDCh4j7jrf/1W35aUGJjyNjbFdHIGP0aqdq7TPxxG:EcKhocw6VNyEDw4j7jj/0RvHFP0LqfxE
Score

1^/10
behavioral25 behavioral26
- Target
  
  bin2local/bin/Caliburn.Micro.dll
- Size
  
  70KB
- MD5
  
  b7e5bc6e43d9055fdae0e30e9799e3ad
- SHA1
  
  be3d6bc6c55afca49b2c2dee042df24d103db435
- SHA256
  
  7262c0c36fca34271a5709d7d9413f48618f71358d38f0bc8ecffbececac5315
- SHA512
  
  7ea5033cea83a5fb960e31363004652caf44b4a28398a1c968b3aa96c74d301f2f353228e89b2381c7244a50b29818249208de5afa4f1ad4747c4dcdc242be93
- SSDEEP
  
  768:tMfKCtfijb+u4uOltm2JUUPzpu32XuSeqbPfhd+UdyFR37dtQYcqAEGXMRowpdMh:0pu08KDdPdiR37456Gcu9CvC07TPxxyB
Score

1^/10
behavioral27 behavioral28
- Target
  
  bin2local/bin/ControlzEx.dll
- Size
  
  212KB
- MD5
  
  3abecaacebc927cdf23b2c011df8d40d
- SHA1
  
  4ae0341396dbaab4419a7f9fa1f4221a7ba87c41
- SHA256
  
  5fe189188709877514a38841654677eb326760e0dd1066917387864909bfc675
- SHA512
  
  4f960a786442ddf0156a7f3b789fb5069ab52ed1a9158d2bfa52767a8e8778d1d5c3e1df6c90b998a15a4a5b15319949296c09ef5bb192c7b375c94347910d11
- SSDEEP
  
  6144:VuH8Cg4Uye0pW8WLawepY8OQk7pqV3Fva4+TP:O/vXcL5
Score

1^/10
behavioral29 behavioral30
- Target
  
  bin2local/bin/ControlzEx.pdb
- Size
  
  685KB
- MD5
  
  95ad9dc53d104d709ee179d85ce83def
- SHA1
  
  c7bed5d7fe6421c547c4cbde7c986984cd6aea21
- SHA256
  
  b46feb5b41a16f6dcf37001f5775ba59a1e4cf9eb7d0665f1724b917c30a3983
- SHA512
  
  3e5593f2d573b3a5bfa05408d409c2d562c90dd700b98b9c8a63454249ed69f71add820e1a0ec71b009ba05ce4f438683ec5e0ae99a27be2df87af66e11b5981
- SSDEEP
  
  6144:0pr12iW1CzyRJywCHyL/+/d5Zbk3RCLhr2a9fucQaVK60RyOKpvDi2jf5sxpr12d:0ph12XyhH8pxbp60cpcph12XyhHNr
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detects Rhadamanthys payload

Rhadamanthys family

Suspicious use of NtCreateUserProcessOtherParentProcess

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32