rhadamanthys | a49ff3f86cb550b5f020bad1cda41939ae989f78981bf9db0195cc7c610c352b | Triage

Sharing

General

Target

R2SupportSolutionsFramework-13.0.1.131(1).exe
Size

16.6MB
Sample

250205-jd7jmawpgt
MD5

3e8009d0ab1c75035523cdb7632f913b
SHA1

f4ebded71378e672b114e0e0874323f0fae324a1
SHA256

a49ff3f86cb550b5f020bad1cda41939ae989f78981bf9db0195cc7c610c352b
SHA512

b2f98ece5cec805aadaa7be0138f87fbb417437b93356cd3afbcc88fc4adcb6890fa2bc3305fc4283394f64d071a9abf9b2e0e3f25bd8fec70e84905d20e4fdf
SSDEEP

393216:MEOOzazpkWpMPISQ5SbP1Yxr1ZImPru+NT/BeDfu2+l8:MpVkWpMPrQ07wumP5UP+l8

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://138.124.53.206:2718/0513d6f0ae961d/AVSX

Targets

- Target
  
  R2SupportSolutionsFramework-13.0.1.131(1).exe
- Size
  
  16.6MB
- MD5
  
  3e8009d0ab1c75035523cdb7632f913b
- SHA1
  
  f4ebded71378e672b114e0e0874323f0fae324a1
- SHA256
  
  a49ff3f86cb550b5f020bad1cda41939ae989f78981bf9db0195cc7c610c352b
- SHA512
  
  b2f98ece5cec805aadaa7be0138f87fbb417437b93356cd3afbcc88fc4adcb6890fa2bc3305fc4283394f64d071a9abf9b2e0e3f25bd8fec70e84905d20e4fdf
- SSDEEP
  
  393216:MEOOzazpkWpMPISQ5SbP1Yxr1ZImPru+NT/BeDfu2+l8:MpVkWpMPrQ07wumP5UP+l8
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer