rhadamanthys | c183a223158f94047bb5e6e332ee7b3af74516d8d3c9831c6c6efa75843995e1 | Triage

Submit
Reports

Overview

overview

Static

static

1

paint.net....eb.exe

windows11-21h2-x64

Resubmissions

05-02-2025 22:11

250205-134ygawmaj 10

04-02-2025 03:17

250204-dtf4qavlgj 7

Sharing

General

Target

paint.net.5.1.2.install.anycpu.web.exe
Size

1.2MB
Sample

250205-134ygawmaj
MD5

9605c02b8bb135e3ffa6a20d7aa8b9e6
SHA1

435fcf847cc70da75f0a9e2fac07567b6871a02e
SHA256

c183a223158f94047bb5e6e332ee7b3af74516d8d3c9831c6c6efa75843995e1
SHA512

a75c3267d7d5fb77c6b4fd3acf401478ea1c70e9cd6c6df76bb5d7c20de43508545668ed0c704576deebe9abcaebbb9c2fdc5de860600688519729ddc55bda72
SSDEEP

24576:RQ0VuvoyQOLhTaEaweB7qJJT6F18o83b39VqeL:RQ0VYDfhTwOJTSW3Z9

Score

10^/10

rhadamanthys discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

paint.net.5.1.2.install.anycpu.web.exe

Resource

win11-20241007-en

rhadamanthys discovery spyware stealer

windows11-21h2-x64

26 signatures

900 seconds

Malware Config

Targets

- Target
  
  paint.net.5.1.2.install.anycpu.web.exe
- Size
  
  1.2MB
- MD5
  
  9605c02b8bb135e3ffa6a20d7aa8b9e6
- SHA1
  
  435fcf847cc70da75f0a9e2fac07567b6871a02e
- SHA256
  
  c183a223158f94047bb5e6e332ee7b3af74516d8d3c9831c6c6efa75843995e1
- SHA512
  
  a75c3267d7d5fb77c6b4fd3acf401478ea1c70e9cd6c6df76bb5d7c20de43508545668ed0c704576deebe9abcaebbb9c2fdc5de860600688519729ddc55bda72
- SSDEEP
  
  24576:RQ0VuvoyQOLhTaEaweB7qJJT6F18o83b39VqeL:RQ0VYDfhTwOJTSW3Z9
Score

10^/10

rhadamanthys discovery spyware stealer
- Detects Rhadamanthys payload
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoveryspywarestealer

© 2018-2025

Terms | Privacy