rhadamanthys | 6e722243696a6525fe5e873b77f5069fd5c6c7e9147d8a69a13675c67211e892 | Triage

Submit
Reports

Overview

overview

Static

static

1

start.bat

windows11-21h2-x64

Sharing

General

Target

start.bat
Size

32B
Sample

250210-r3qleawjc1
MD5

bf24697b5cb868ee7a5ddd4809d45dbc
SHA1

716a502d0392c6bbdc770f4146b995575f259373
SHA256

6e722243696a6525fe5e873b77f5069fd5c6c7e9147d8a69a13675c67211e892
SHA512

91c1f63a4337e19c7009892fe697b476b007e6d554afd5668bfdbb853a0874a6b91567340e87d9c18a58d7b99e059edb61048cf417eff3a7ea02cbfd83771082

Score

10^/10

rhadamanthys defense_evasion discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

start.bat

Resource

win11-20250210-en

rhadamanthys defense_evasion discovery stealer

windows11-21h2-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  start.bat
- Size
  
  32B
- MD5
  
  bf24697b5cb868ee7a5ddd4809d45dbc
- SHA1
  
  716a502d0392c6bbdc770f4146b995575f259373
- SHA256
  
  6e722243696a6525fe5e873b77f5069fd5c6c7e9147d8a69a13675c67211e892
- SHA512
  
  91c1f63a4337e19c7009892fe697b476b007e6d554afd5668bfdbb853a0874a6b91567340e87d9c18a58d7b99e059edb61048cf417eff3a7ea02cbfd83771082
Score

10^/10

rhadamanthys defense_evasion discovery stealer
- Detects Rhadamanthys payload
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Enumerates VirtualBox registry keys
  defense_evasion
- Looks for VirtualBox Guest Additions in registry
  defense_evasion
- Looks for VMWare services registry key.
  defense_evasion
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdefense_evasiondiscoverystealer

© 2018-2025

Terms | Privacy