rhadamanthys | 3fb6948c6dcbeec334b3722fd0a61676094a2171a7eb88164534cb17dded7819 | Triage

Submit
Reports

Overview

overview

Static

static

1

standalone/run.bat

windows11-21h2-x64

Sharing

General

Target

standalone.zip
Size

11.1MB
Sample

250210-xqw6baslgv
MD5

c4b1e084e7d1a061d3fc2d2004148e1e
SHA1

3b4965de610165201319ffb0e3dd37537d417356
SHA256

3fb6948c6dcbeec334b3722fd0a61676094a2171a7eb88164534cb17dded7819
SHA512

092395d9b45443d96746d4dad1c0229c8361d480485ef0248e23d7247c591caf701daef7479945433ff916bf46249bd0352c5740ac6d6e39097274566d91720b
SSDEEP

196608:xc5otJBDSxyeBHlNN0LMVHTnAE/NWiaF1BZZ1qtKyMFnzZcV8D5tz7v9toN4flMU:+atJBQtBHl8L8TnAziciIyEdnz0a9w+h

Score

10^/10

rhadamanthys stealer

Static task

static1

Behavioral task

behavioral1

Sample

standalone/run.bat

Resource

win11-20250210-en

rhadamanthys stealer

windows11-21h2-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  standalone/run.bat
- Size
  
  20B
- MD5
  
  d5dcfc4a880ac2ab6c92ed02368e299a
- SHA1
  
  3f9787360815416373dcb3ff9c8a9f2437eb5a72
- SHA256
  
  74bf0562d4f563924e643f8c14940e7cb85ca38e8c18601b9dcabb00ee2d7a86
- SHA512
  
  0da00a32fd90c9799aa224f3ffb33d67cfae643e6c81a4abfb17196c86115dfba386ffb65f8a3300c71b16048eea9d6df28a6f81a8984f5d982e43250f337bb5
Score

10^/10

rhadamanthys stealer
- Detects Rhadamanthys payload
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysstealer

© 2018-2025

Terms | Privacy