rhadamanthys | 56f778ca2d5106f17df1254c161f4715f9fef59624534b9680cd79196ce856ae | Triage

Sharing

General

Target

Documento per confermare la violazione del copyright.zip
Size

198.1MB
Sample

250204-ng9klsvkft
MD5

cbc09ca7ccea42c34073c76ac71dc9eb
SHA1

a7273c69c8ebb18d37ec9637b17bae7de107638b
SHA256

56f778ca2d5106f17df1254c161f4715f9fef59624534b9680cd79196ce856ae
SHA512

5314aaf9ac916b11b1da6e04e1c1dfae884e5990b873e213140be6fced0e079a7e4d5cb7d8a7c318d00e4f4e6f55cee121bcb751dc038d103e48e2875ead0539
SSDEEP

6291456:tzFcQWj0ENJ8WMkzFnAnQd7psVSe/Tyoi7Y:tz+/xhaQJKV/TWk

Score

10^/10

rhadamanthys discovery persistence stealer

Malware Config

Targets

- Target
  
  Documento per confermare la violazione del copyright.exe
- Size
  
  6.1MB
- MD5
  
  4864a55cff27f686023456a22371e790
- SHA1
  
  6ed30c0371fe167d38411bfa6d720fcdcacc4f4c
- SHA256
  
  08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2
- SHA512
  
  4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb
- SSDEEP
  
  98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz
Score

10^/10

rhadamanthys discovery persistence stealer
- Detects Rhadamanthys payload
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  msimg32.dll
- Size
  
  521.0MB
- MD5
  
  501f6f8e97fd9ffa5d6c2cc362e59a64
- SHA1
  
  1aa765cf590a4becd4f4e1b81356f7b2c82aaec7
- SHA256
  
  df19478eb909225c2f6445ec33dc270f11b781e9bf315086d550071db80e6f36
- SHA512
  
  d4b65cd5e908ed0c2308cf0f4405ee68f155a9016d2c1786999f7a54a9673ee70ed53de51e2d2f46a41bf1a3ae594f59327ddfd3c1df6992444b4cff30589f0e
- SSDEEP
  
  1572864:Wq5Rusc3c6dAa2IRDjltGZA0m1QXN0VSwP+Nf9uDKcaluFyJPhm2R/p:KRzIfR/
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverypersistencestealer

behavioral2

rhadamanthysdiscoverypersistencestealer

behavioral3

behavioral4