rhadamanthys | fcfb94820cb2abbe80bdb491c98ede8e6cfa294fa8faf9bea09a9b9ceae35bf3

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
14-02-2025 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fcfb94820cb2abbe80bdb491c98ede8e6cfa294fa8faf9bea09a9b9ceae35bf3.exe
Size

439KB
MD5

011827ebdf113755102a47987b718587
SHA1

d8d946a6df1649972694312e299aeff3cf2afb9b
SHA256

fcfb94820cb2abbe80bdb491c98ede8e6cfa294fa8faf9bea09a9b9ceae35bf3
SHA512

0252ddae07e7687966fd21cf453d1328e7d1c92b1cb0f7106cdb9565c1945f599b8bf5e460fc163339931a3c3b73bdd467c3d1d92649ef614b0e757a8cf26a3a
SSDEEP

12288:1O7k28xC7HMDVBjfbL5S6IZ7OGQN/RutyU3ivG/Zt9:+OS6IZ7QN/R8yoaG/b

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Signatures

Detects Rhadamanthys payload 2 IoCs

resource	yara_rule
behavioral1/memory/2000-0-0x0000000000DF0000-0x0000000000E71000-memory.dmp	Rhadamanthys_v8
behavioral1/memory/2000-4-0x0000000000DF0000-0x0000000000E71000-memory.dmp	Rhadamanthys_v8

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys
Rhadamanthys family
rhadamanthys

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fcfb94820cb2abbe80bdb491c98ede8e6cfa294fa8faf9bea09a9b9ceae35bf3.exe

C:\Users\Admin\AppData\Local\Temp\fcfb94820cb2abbe80bdb491c98ede8e6cfa294fa8faf9bea09a9b9ceae35bf3.exe
"C:\Users\Admin\AppData\Local\Temp\fcfb94820cb2abbe80bdb491c98ede8e6cfa294fa8faf9bea09a9b9ceae35bf3.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2000-0-0x0000000000DF0000-0x0000000000E71000-memory.dmp

Filesize
516KB

Download
memory/2000-1-0x0000000000580000-0x0000000000980000-memory.dmp

Filesize
4.0MB

Download
memory/2000-4-0x0000000000DF0000-0x0000000000E71000-memory.dmp

Filesize
516KB

Download
memory/2000-2-0x0000000000580000-0x0000000000980000-memory.dmp

Filesize
4.0MB

Download
memory/2000-3-0x0000000000580000-0x0000000000980000-memory.dmp

Filesize
4.0MB

Download
memory/2000-5-0x0000000000580000-0x0000000000980000-memory.dmp

Filesize
4.0MB

Download