rhadamanthys | 275abb4ef28e545fb85f8db9b252d1a9ee88125c85dab777f2e01f74b4e4ca07 | Triage

Submit
Reports

Overview

overview

Static

static

1

BootstrapperExec.exe

windows7-x64

BootstrapperExec.exe

windows10-2004-x64

Sharing

General

Target

BootstrapperExec.exe
Size

120.0MB
Sample

250206-1e8azsxnh1
MD5

9b5895f9fd9b9db54f1568546610333b
SHA1

81ee063d90dadca3e030c358e47d373406d8a0fb
SHA256

275abb4ef28e545fb85f8db9b252d1a9ee88125c85dab777f2e01f74b4e4ca07
SHA512

4d3a5cda98d4e8c9877eada9f1406cbc4b5c986903405d4131a018c81122815901e04323c3f9c42006e039ca35f3f41c477a23d373cb3e6af655285ab2c0c495
SSDEEP

24576:0LXWbte6Ooz/0xef3/PJZGhEl/9XDcFPMu9YXMgmRJEmgChVYwBV7OTNVTpP:pbte61zQeHP/xXCIXSEnAFBV7mXF

Score

10^/10

rhadamanthys discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

BootstrapperExec.exe

Resource

win7-20240903-en

rhadamanthys discovery stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

BootstrapperExec.exe

Resource

win10v2004-20250129-en

rhadamanthys discovery stealer

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  BootstrapperExec.exe
- Size
  
  120.0MB
- MD5
  
  9b5895f9fd9b9db54f1568546610333b
- SHA1
  
  81ee063d90dadca3e030c358e47d373406d8a0fb
- SHA256
  
  275abb4ef28e545fb85f8db9b252d1a9ee88125c85dab777f2e01f74b4e4ca07
- SHA512
  
  4d3a5cda98d4e8c9877eada9f1406cbc4b5c986903405d4131a018c81122815901e04323c3f9c42006e039ca35f3f41c477a23d373cb3e6af655285ab2c0c495
- SSDEEP
  
  24576:0LXWbte6Ooz/0xef3/PJZGhEl/9XDcFPMu9YXMgmRJEmgChVYwBV7OTNVTpP:pbte61zQeHP/xXCIXSEnAFBV7mXF
Score

10^/10

rhadamanthys discovery stealer
- Detects Rhadamanthys payload
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer

© 2018-2025

Terms | Privacy