rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

Xeno[1].exe
Size

1.3MB
Sample

250313-sha6naykx7
MD5

0435617ec5199d7968cfe3aa59b00dd9
SHA1

6391174a55a9f12ce962f62fad945fcc13456526
SHA256

4919eb2ba14a5320af7060ec482746ad471d43e649a80965b3fdecc768dd2511
SHA512

c1bc509ac05a6f0fa6440eca3ae78b302163a4b788d3d7b1f8ba1a74e11e784b365ca7c4ca09ccdfc2744d4903deffc08f7d38d4d26b3fcc8cbb061c2e7f08ff
SSDEEP

24576:D3uitxLGgKbQO5adoRsKBL5sTAPCCkMnoMtq61jBa+g2e1J6s0vCm9K/1D2tIs+W:jrxXKbJadaJ5D3J/DxU+gr1Juam09mIC

Score

10^/10

Malware Config

Targets

- Target
  
  Xeno[1].exe
- Size
  
  1.3MB
- MD5
  
  0435617ec5199d7968cfe3aa59b00dd9
- SHA1
  
  6391174a55a9f12ce962f62fad945fcc13456526
- SHA256
  
  4919eb2ba14a5320af7060ec482746ad471d43e649a80965b3fdecc768dd2511
- SHA512
  
  c1bc509ac05a6f0fa6440eca3ae78b302163a4b788d3d7b1f8ba1a74e11e784b365ca7c4ca09ccdfc2744d4903deffc08f7d38d4d26b3fcc8cbb061c2e7f08ff
- SSDEEP
  
  24576:D3uitxLGgKbQO5adoRsKBL5sTAPCCkMnoMtq61jBa+g2e1J6s0vCm9K/1D2tIs+W:jrxXKbJadaJ5D3J/DxU+gr1Juam09mIC
Score

10^/10

rhadamanthys discovery stealer
- Detects Rhadamanthys payload
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Enumerates processes with tasklist
  discovery
behavioral1
- Target
  
  RestructuringStorage/Ad.cda
- Size
  
  97KB
- MD5
  
  9d76009030cebd2b61637a2ff632633b
- SHA1
  
  2594cd1ffd229cdfbbba6af8c3794d909c4a75c5
- SHA256
  
  2f3da93ec99eda38f4e0c0e9b4f43d4d11f230a5a415879e80ae5025e52ec752
- SHA512
  
  6ba7e6fa500b5c99a8c3c8b8bbf94b91b4f4222b715616e32bcb89d5217cef3ba783df3ec5c1fc7617661123d7ec67d2ebac079e2a9a526ea308587731c37e5f
- SSDEEP
  
  3072:8/r0/UEa5CXp/2t08HtJmyAKc4mYtg0OSymA1r762Fch:U0UToV2y8HzDcZKg0OGA1rjc
Score

1^/10
behavioral2
- Target
  
  RestructuringStorage/Candles.cda
- Size
  
  17KB
- MD5
  
  67d288ddfbd64288ee836f85c79bbe3e
- SHA1
  
  a4ea361ddefa78271ace60f696a7e7bc06701d73
- SHA256
  
  13e15a5cdcc7f7d1d14ff5cd16301affa73806bbc853328944fa5d8cacfd12d9
- SHA512
  
  294c8c87ed3ee4b07e98a94e9499333a223c635533d6a9db652bbc9460faf2d6471a80f17ff284eecd59390752f988ff81509739d80b9259e23f95a1f77b8b4f
- SSDEEP
  
  384:FMpUJrKJ8yqrMh/7Ipemq1CiURF3jJHn5Rwu4D3+zOb5Z/NMVea:FMptWycMhEdq17aF3VZRZ4T2cQIa
Score

1^/10
behavioral3
- Target
  
  RestructuringStorage/Cargo.cda
- Size
  
  78KB
- MD5
  
  deead8c5c5156c81b433581e467d790d
- SHA1
  
  46f905214114233c659390ca79a26bc7ea867b22
- SHA256
  
  59b3a1f07a81ececccf8e74dec98b3c6bb3d53819a7f2379d7ebe8df95770ce8
- SHA512
  
  9a8feb225a56b911dc3288a82730df28af6901c3860b3bcc95685b2456672b12afdbd45a14eadb493b70e472eceeb04ef4225f0ac059de330c72909a7b6eddab
- SSDEEP
  
  1536:Fj0Up8WdzYvuGApa/cPY0QzGMUPsiphqYskl5ZhPvlepz2tw:FJ+vqO0UGkIhqkw
Score

1^/10
behavioral4
- Target
  
  RestructuringStorage/Click.cda
- Size
  
  77KB
- MD5
  
  2cc4d93a13a0947770bf71809db7a6ea
- SHA1
  
  d460140e3acc6207655c7585001bd5b88cc748e6
- SHA256
  
  55a7561c01b246e6a769bb64b3e306bbb3b12e190afbe1fd020dc91f0bbf58c6
- SHA512
  
  b67155b3f4f1171ceb9dca650d5f01576cc2418ebc697182fe16f1580a9f964ed27f5b1c4902a53854956add2a52a02ec27ebdf000d174a6a555ecb070b7e847
- SSDEEP
  
  1536:Lm6NmzwO+/1PfDHsWcFG+xej4JlDzWYWfHk62hN1eW4Yn15rNLVA8s/f6sE3U:akvXLsWcE+xFJlefHt2DTn15BVA36hU
Score

1^/10
behavioral5
- Target
  
  RestructuringStorage/Drunk.cda
- Size
  
  81KB
- MD5
  
  b53b44452048d1f79aab4187bd7741dd
- SHA1
  
  b6033b3915594c07fd48bdac2054b266e9ff9ae4
- SHA256
  
  496f9fd798ca8aa06c9304fd5d73ca371ee7497908bd74d839b37d95b07d81c1
- SHA512
  
  cf69597c03d01c8a6811fe98cc683d8f962ecc9972cf7251108779d32254258774509d0ff57231fba9b78f428456a0f55e0fe4280469c9a63ee75b1f1799e0eb
- SSDEEP
  
  1536:AFTu6/x/6PHKUMNAZjN9aJ1b238ICgAocUBsBUrmZaDk9VQQ3frBrwx8/3n1wbP1:oHBkM+Zxk23VzAaDIJ1rPeh57PoL5C
Score

1^/10
behavioral6
- Target
  
  RestructuringStorage/Garlic.cda
- Size
  
  53KB
- MD5
  
  6da52d95e6fec14420174ee774eff497
- SHA1
  
  960d55684db66614560ed129be297ea99669300c
- SHA256
  
  122875092db6fb3b79bcf8d5b5cf7cb0651ed96291a0aa7670ba674330dc59d8
- SHA512
  
  e89d8634921d369f2d996f007a198358e21503449a14337e82406425e26447c38b666b745e9ab1657d50cf8c961dc0c048ad769a7796fcdd0fcbb01b86154409
- SSDEEP
  
  1536:F6XL/HA44HUckEGm86WBJ2a24GPgd1k/utF1FfEc7bJ/ule:FADHB40cd0j2a048mf1dqle
Score

1^/10
behavioral7
- Target
  
  RestructuringStorage/Learning.cda
- Size
  
  79KB
- MD5
  
  2447add9ef7fbc3db9f1f533514a2490
- SHA1
  
  ef0886005c946cec8f450c644ddf219f3e292715
- SHA256
  
  82f980ac40c070691fa4264277fb089ec87dedff40d889c7ae6cfc5f21ffe051
- SHA512
  
  dd84ded149e80fec88f24d7daeb911b4a2e842779ec21405b100d7c1859fa1f3151d4f9413783359a367c990a732a7090070380735022806f27d4d610d6b06cd
- SSDEEP
  
  1536:DUMcHVZLEN1pRWvt9OcItgKn7hvCkeraSM2OWWBw:QM8ZLGWVyhKker7M2OWWm
Score

1^/10
behavioral8
- Target
  
  RestructuringStorage/Milk.cda
- Size
  
  63KB
- MD5
  
  74db0d44d20d089c9b96910981c63e98
- SHA1
  
  5cb0bf4fd429e3e51786764b4bccc77a4b2e9a50
- SHA256
  
  1fcd4b87f9a417e42ee71ef092f73c80fbe6c0e91dc4fe1b86615610de3d5061
- SHA512
  
  4abb60f53205b5a7ed5c2fe02b70bd42bbc16213e71457be32c9da76f495351772662d7f8b3db527289198c759e6b7067d4e07e70a3494849793987e06659353
- SSDEEP
  
  1536:Nxxs02oQrnolDdq2bLMjysp7lGnz2SiGxEMYIbw3M:Hxs0vxd+2ytYXuM
Score

1^/10
behavioral9
- Target
  
  RestructuringStorage/Quality.cda
- Size
  
  477KB
- MD5
  
  479683196e67c0a98d79201de707b1a2
- SHA1
  
  2ec214394469fac9398c74c885384a1fcea91487
- SHA256
  
  6b301dddc4fbc8a032299e2ee008ad0ac277e3d3de2821265c3765abc3dc52f1
- SHA512
  
  44ee95c7cfdfe7bdbdaa5da9ce645e6b028868194e9cfd26017002f5c59b3f4786d7455c69bcdeda21890360626cda0d9457b9f97437a28c4c55913f158c1131
- SSDEEP
  
  12288:oo5WCPQKy5SxhRHRVH+JQkzufkrUOe9c1gFdAgw:oo5Cn5qHRVEHi9T+
Score

1^/10
behavioral10
- Target
  
  Avenue
- Size
  
  95KB
- MD5
  
  ffc7bc4c479d6ed4afedc7a0bfc498fe
- SHA1
  
  ea4ac12ea36bef6bf48b92f06a024828e747c93d
- SHA256
  
  9a6e8c7c4c77db65411fbf0544488f442fc134a1e9674bb95ea4f22f7f8e23f7
- SHA512
  
  128f66d832c96b1f47859bf284e226e868ab03fb9abebb979329a25b1a20b4d677623d418d5a56573900a6fbcdfdd6a750e62cf9dfee267a3359bf33a7af0150
- SSDEEP
  
  1536:juCYm9PrpmESvn+pqFqaynB6GMKY99z+ajU1Rjv18fRQLTh/5fhjLueoMmOrrHLh:KCThpmESv+AqVnBypIbv18mLthfhnuel
Score

1^/10
behavioral11
- Target
  
  Chi
- Size
  
  53KB
- MD5
  
  900676974b1eafd1a8646a935d14b22e
- SHA1
  
  3897d81c81f68f1e873d266fd237021250d76491
- SHA256
  
  5da863d069502feb391748ff78eda59812ad75dd02b47e05d2ef7d874bc5293d
- SHA512
  
  cc45f6bf0743c908967e89be3823773b77bbf9c3515291e6a544b73a9bc9d2158f0af89bc6cdb84580a580ff5e9ff02a1e2e68fca81bc15a78992fb414cc62dc
- SSDEEP
  
  384:nv888888NfU84444QnoooooooooooooooooooooooYooootooooooooooooooYog:dSGKAv
Score

1^/10
behavioral12
- Target
  
  Congratulations
- Size
  
  80KB
- MD5
  
  ee2fe2bf5afc597a25cfa2dc4585fe69
- SHA1
  
  6ba68ff319432c1c3b0ff98e720d48c67d217eb0
- SHA256
  
  91dabddbda26df9609f32bf6093a6a91099fc8e7e9c6727885ff7dc189ac5284
- SHA512
  
  1540ad7c9c70c455b868274e63e8c9648c8669c77f6ec480182f00116cb6f45c0677022e169dfa6e53737de40c1373f3b3c20a9f7be283b0e02c0dd58a6cf52e
- SSDEEP
  
  1536:w5C03Eq30BcrTrhCX4aVmoJiKwtk2ukC5HRu+OoQjz7nts/M26N7oKzYkBvRmLOB:60nEoXnmowS2u5hVOoQ7t8T6pUkBJRB
Score

1^/10
behavioral13
- Target
  
  Cw
- Size
  
  1KB
- MD5
  
  b3be8be6102401e7b8346c31aeb2bd2e
- SHA1
  
  f9120f6113facfdf486afd7b38541139491eb01b
- SHA256
  
  47662b07301483120fe76c90bbf86cb7b3d3ab41ff891b3aae5b6f5877377ccc
- SHA512
  
  006f64ad1747ac4ea730f4a382ef5951bf27b658324b06df0f49587893e47d7dbfbfb2d61da0cf267c16bea602d5cef76e342787fb9ce0cc111dbbef0d1af92b
Score

1^/10
behavioral14
- Target
  
  Devices
- Size
  
  137KB
- MD5
  
  24904b6392768beff8e080011531124d
- SHA1
  
  a403635bcec18f8409c190e947b5989cc39e3817
- SHA256
  
  fd70de521583bc3868ff2712617eac86d2f0dc18f7b3d871f8189b8c12deed23
- SHA512
  
  6a1f88cbe53f371af6a2533781d409aac823872764b5996592dda3776fed555f3338a9248d135a2088cbf43725226970785aed9c93e82fe48c421d10196ea699
- SSDEEP
  
  3072:upQSAU4CE0Imbi80PtCZEMnVIPPBxT/sZydTmRQ:u+SAhClbfSCOMVIPPL/sZs
Score

1^/10
behavioral15
- Target
  
  Drivers
- Size
  
  51KB
- MD5
  
  f790605f546d2e687345badea26862cb
- SHA1
  
  2c7a3eedfe402944f1b147cee0cb9151ed26307f
- SHA256
  
  4474264672b3aa7cd73e1c98c1a88e4debcafb34b106070332b751ca7d1ecc55
- SHA512
  
  0a994e8682b17300ad2bdd72a7202294c56fb59397ec18179706025fdebd971d478006915b4a06502d6f523854ca2fb0c16a855dd27f53d1db957fb6b4709ff6
- SSDEEP
  
  1536:nQlHS3cctlxWboHdMJ3RraSXL21rKoUn9y:QlHS3NxrHSBRtNPng
Score

1^/10
behavioral16
- Target
  
  Emails
- Size
  
  94KB
- MD5
  
  708a8b180364bae1dad0f35c22a49276
- SHA1
  
  c21ec42fba3bac16a946466d70fefa36ca0ecc39
- SHA256
  
  deb72b719c04181290f95ac6fcf2ffa26c06e2b15f270a67bea4f4d81ded1bba
- SHA512
  
  44c3e8896b7d40617338172886a1450793bf886c2c3ca9a294fbdc77dd8ee7781a5c9143aabc9dd7ad041ac6a6b3ecbf8647f55f7439577993d5498159d83fe9
- SSDEEP
  
  1536:jU0pkzUWBh2zGc/xv5mjKu2IwNnPEBiqXv+G/UXT6TvY464qvI932eOypvcLSDOj:jUDQWf05mjccBiqXvpgF4qv+32eOyKO2
Score

1^/10
behavioral17
- Target
  
  Independently
- Size
  
  92KB
- MD5
  
  6b0059f6ab4dad979a5bbdd008ae9ea5
- SHA1
  
  07199d632b794a54df8a026d8131e188c4e1be0c
- SHA256
  
  e044504ad0f0c1a5d9743613a0f2598422c67b8bb33be9efdf1b32929ec60c28
- SHA512
  
  684849bfbe38102fffb66243292013e7c0e851bdb5cb72d6f925e857db84f85f9359f14512128edaada304d24e59a28157a10ae86ebdada0f602ecce8e49527f
- SSDEEP
  
  1536:9j6iTcPAsAhxjgarB/5el3EYrDWyu0uZon:R6whxjgarB/5elDWy4Z6
Score

1^/10
behavioral18
- Target
  
  Levy
- Size
  
  49KB
- MD5
  
  e39196aeef5d2e2d043d0743036453c4
- SHA1
  
  00c5f9c28add71a8f28ef19569bb93724b2f2c3e
- SHA256
  
  b57aa26c8df214c42d76839e9761229d3de4326375bec31cc71968ab6d0e93b5
- SHA512
  
  41b86ab1825f6c4c6b0cfca461dccc890d301eed03009cf736b5ad53271275ea30b00a03067ef9f4b5d22b5a623e1299a4b001d77da2164261e8d37eec742cb9
- SSDEEP
  
  768:2+9BGmd9OTGQ1Dv7sMvLHfR/ZByLiFuO/ChgZ45VatJVEV3GPkjF:2+9BGmdATGODv7xvTphAiPChgZ2kOE6
Score

1^/10
behavioral19
- Target
  
  Moments
- Size
  
  86KB
- MD5
  
  c91c1ac87208df1f4bc9ad5cc020b571
- SHA1
  
  242ce7b15f04d255cd324b57baee5b092a1aad6c
- SHA256
  
  c388fd3a8006f6002bf5f0606f28c3b1aec52cc5adead7e7113cf968a685748d
- SHA512
  
  a0e730f7de889b6d987807b8ad34fcced94048e873687b3a52a74ea9f613ce227e05cb7392dc766a1984afb6d77f05da5c27e95c2c4bbe630a197252a7e33d60
- SSDEEP
  
  1536:5anHsWccd0vtmgMbFuz08QuklMBNIimuzaAwusP3:5QLeAg0Fuz08XvBNbjaAtsP3
Score

1^/10
behavioral20
- Target
  
  Purchased
- Size
  
  109KB
- MD5
  
  c8b72511514176b98f88cb9b810e8734
- SHA1
  
  ef74755915229e17ef8be063ae79eb248abf95b1
- SHA256
  
  cb0706339f95cfbee2206e09e9a387a128c4e1385130a36ae6ecce1b1a05e48f
- SHA512
  
  e52e7ce121aa6bd92f77d20c3d9fc2a7de4a8601582770212f70b98b657aabd2007323dc2034a8121a71b14a8f4968ba735d0f8fe0fdddef332e34eecd818b79
- SSDEEP
  
  3072:IZg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laWS:IK5vPeDkjGgQaE/l8
Score

1^/10
behavioral21
- Target
  
  They
- Size
  
  77KB
- MD5
  
  0787048effd905eac0720fcff54f4e39
- SHA1
  
  f50d87da025e6a7dc3c1521f3142455a45372b63
- SHA256
  
  36ca66c6b0a8d60a9dc9cad9ada4577da1d52963982f2a3c4f39fba1a3c8a06f
- SHA512
  
  88e215ce3502b3d4d46a3099bce6c723a2092ce7774e11c754223ec1f4e7c9bec5eb914b62fe6e5073d9a8dc0521b4d48a9df643733f34be353e3778d4d74ce4
- SSDEEP
  
  1536:QouK+r5bLmbZzW9FfTubb1/Dde6YF640L6wy4Za9IN3YRYfv2j62SfuVGHj1vtKz:QoO5bLezW9FfTut/Dde6u640ewy4Za9L
Score

1^/10
behavioral22
- Target
  
  RestructuringStorage/Tourist.cda
- Size
  
  94KB
- MD5
  
  8d4baa550a8e4b3943d7990961be56df
- SHA1
  
  a19e5ea61e8c63fc5673787bb00cd2bf17490f84
- SHA256
  
  e4a4d8a6051597941bab63ac4a2d83501978436d9826496760d9841d46e031b0
- SHA512
  
  6a354adff672dad0c64135d896068ee2406d3721b72e5b935ce9f4ca7b8e089ed5737cad24d76c5a1804fd41a561e5cb5276c13faab48f602e32eb2fad03f56b
- SSDEEP
  
  1536:CxdZvXtBarQsLUlMFa0hYFEmXllqQvQBuNBZtPC4p6PiqqHzqrl32lZM3vtO7Tl:wdZtkrQsLUl8aS7GlqQvbZtq4MKTzolA
Score

1^/10
behavioral23
- Target
  
  RestructuringStorage/Zum.cda
- Size
  
  41KB
- MD5
  
  99ce6bbc27c6d10d30dfe38c9cfc9baf
- SHA1
  
  5f2198f49eefcbc78056e03cfe3ff7c1fd0f5f99
- SHA256
  
  a1cb3293acf7dd2f9f47644c7b51d1caef34c328ab9debb86b8e22b4f361afe2
- SHA512
  
  ccb080846dda9130a44319e7872d92db4a4a80dcc0a110947602047fb49b6ac54d53627bc6756c4db025ecde6f73ded16733f970022dae4678d79028570e9455
- SSDEEP
  
  768:F/gQINfpmVuE526zfBz73lNBGGjnqmGsy1+ufddBQJ84SswNblSQy:F/gJmx526zZzkgheRBW7
Score

1^/10
behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detects Rhadamanthys payload

Rhadamanthys family

Suspicious use of NtCreateUserProcessOtherParentProcess

Executes dropped EXE

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24