rhadamanthys | 35ed65d9919843300db648bf93ae57d7330095eb1ce18d6c6050db88a2e4f297 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

35ed65d991...97.exe

windows7-x64

35ed65d991...97.exe

windows10-2004-x64

Sharing

General

Target

35ed65d9919843300db648bf93ae57d7330095eb1ce18d6c6050db88a2e4f297.exe
Size

934KB
Sample

250318-cyal3asxfx
MD5

7def16e0ceea0ad69d53e0e636541dd9
SHA1

92080bb5ad272cf69f69aa0588856cda4b4b1c28
SHA256

35ed65d9919843300db648bf93ae57d7330095eb1ce18d6c6050db88a2e4f297
SHA512

9616fb69ed3fd6d59ae060a671c5af86f0d7e1a4e6f8436a9c7244928a2bb1f0a76ec4f1968f77180141493c16a4e1090faf8786ead929c3bd3812f2e09e596a
SSDEEP

24576:gbVB9BI+CacE07NGWx1G0MEL2XH09GIGiSUS00dpf:qVrIacF7dnMBXU9GIzSUlypf

Score

10^/10

rhadamanthys discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

35ed65d9919843300db648bf93ae57d7330095eb1ce18d6c6050db88a2e4f297.exe

Resource

win7-20241010-en

rhadamanthys discovery stealer

windows7-x64

15 signatures

300 seconds

Behavioral task

behavioral2

Sample

35ed65d9919843300db648bf93ae57d7330095eb1ce18d6c6050db88a2e4f297.exe

Resource

win10v2004-20250314-en

rhadamanthys discovery stealer

windows10-2004-x64

16 signatures

300 seconds

Malware Config

Extracted

Family

rhadamanthys

C2

https://188.208.197.140:5906/9c546e1bf3c6b5dc20/a3523sr9.121ks

Targets

- Target
  
  35ed65d9919843300db648bf93ae57d7330095eb1ce18d6c6050db88a2e4f297.exe
- Size
  
  934KB
- MD5
  
  7def16e0ceea0ad69d53e0e636541dd9
- SHA1
  
  92080bb5ad272cf69f69aa0588856cda4b4b1c28
- SHA256
  
  35ed65d9919843300db648bf93ae57d7330095eb1ce18d6c6050db88a2e4f297
- SHA512
  
  9616fb69ed3fd6d59ae060a671c5af86f0d7e1a4e6f8436a9c7244928a2bb1f0a76ec4f1968f77180141493c16a4e1090faf8786ead929c3bd3812f2e09e596a
- SSDEEP
  
  24576:gbVB9BI+CacE07NGWx1G0MEL2XH09GIGiSUS00dpf:qVrIacF7dnMBXU9GIzSUlypf
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer

behavioral2

rhadamanthysdiscoverystealer

© 2018-2025

Terms | Privacy