rhadamanthys | c4db5b9cb388bbd849478f97b9698ff419824418d778c8726d20ffaca97ffe79 | Triage

Sharing

General

Target

2025-04-03_f5e0d5257ead967f9ed9a32b18247071_amadey_black-basta_luca-stealer_remcos_smoke-loader
Size

34.1MB
Sample

250403-1gkygaxkv8
MD5

f5e0d5257ead967f9ed9a32b18247071
SHA1

768e71a380cd4aa4993a0b8b9cc6c4de31b5ad0b
SHA256

c4db5b9cb388bbd849478f97b9698ff419824418d778c8726d20ffaca97ffe79
SHA512

c2f4445edc85bc622f6b11213f466eea36f5ee8b6f05a7842d47da0e78ebfb249ba3afa349fe543a8d066b42ec9d096f6ade253b16a387e6f5acdf6d8bd9a510
SSDEEP

24576:F3+sUmpUcWpJF/mAPRNZnzOA1iHIB8bJpAA:dGcWt+APRNwV7wA

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://5.182.87.249:9390/6d0645a0895f54c8/plg68h58.4tel1

Targets

- Target
  
  2025-04-03_f5e0d5257ead967f9ed9a32b18247071_amadey_black-basta_luca-stealer_remcos_smoke-loader
- Size
  
  34.1MB
- MD5
  
  f5e0d5257ead967f9ed9a32b18247071
- SHA1
  
  768e71a380cd4aa4993a0b8b9cc6c4de31b5ad0b
- SHA256
  
  c4db5b9cb388bbd849478f97b9698ff419824418d778c8726d20ffaca97ffe79
- SHA512
  
  c2f4445edc85bc622f6b11213f466eea36f5ee8b6f05a7842d47da0e78ebfb249ba3afa349fe543a8d066b42ec9d096f6ade253b16a387e6f5acdf6d8bd9a510
- SSDEEP
  
  24576:F3+sUmpUcWpJF/mAPRNZnzOA1iHIB8bJpAA:dGcWt+APRNwV7wA
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhadamanthysdiscoverystealer