rhadamanthys

General

Target

ram.ps1
Size

155B
Sample

250206-yyyjsavrdw
MD5

6a07358a9e4146d50f59090fe0d9ffd6
SHA1

51b5ebe903a261ef6dea38c27817b65d4ff77dcc
SHA256

a4f0774f5e78135e7efea0b8c887fcb216d4aae11334aaba707a7a42f7f3173d
SHA512

6bd54737c4d91905b3955eff3413592da4f9142f1e77da42833449e02301d3882619e8d6708c076b0498919709a1b296648017a27e8b9c015754733188b64eb7

Score

10^/10

Malware Config

Targets

- Target
  
  ram.ps1
- Size
  
  155B
- MD5
  
  6a07358a9e4146d50f59090fe0d9ffd6
- SHA1
  
  51b5ebe903a261ef6dea38c27817b65d4ff77dcc
- SHA256
  
  a4f0774f5e78135e7efea0b8c887fcb216d4aae11334aaba707a7a42f7f3173d
- SHA512
  
  6bd54737c4d91905b3955eff3413592da4f9142f1e77da42833449e02301d3882619e8d6708c076b0498919709a1b296648017a27e8b9c015754733188b64eb7
Score

10^/10

execution rhadamanthys discovery stealer
- Detects Rhadamanthys payload
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detects Rhadamanthys payload

Rhadamanthys family

Suspicious use of NtCreateUserProcessOtherParentProcess

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2