Resubmissions

17-02-2025 23:21    250217-3b3bnsvkbq 8

17-02-2025 22:59    250217-2yvdxavjan 10

17-02-2025 22:47    250217-2qlrsstqgv 3

17-02-2025 22:43    250217-2nmlbatqgm 3

17-02-2025 22:40    250217-2lvtxatqfk 3

16-02-2025 05:47    250216-ggyd1swlhz 8

General

  • Target: settings.json

  • Size: 159B

  • Sample: 250217-2yvdxavjan

  • MD5: bf7c91a40ae1aaa3e7537aaf156780f3

  • SHA1: ace8ec14125ae7320c4efdfc89a82e0e3d2db91f

  • SHA256: c57a017b6865ca78a9a61e1b530084682cfb24c82e399b75e3d51ccbe5f94dc3

  • SHA512: edcfe353a5cf1a3cc3bf78b60df950defd86a5f1d255ef74c17ea916f2c9bc4fe65e4c2a607a3bd7f7abd7ad2c59dfc18c45269c43000a23dffca083859feeb6

Malware Config

Targets

    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Rhadamanthys family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks