rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

Solara.zip
Size

11.4MB
Sample

250414-wwjxhawrx8
MD5

a42e6c527fc3bf57367b2d016779acc8
SHA1

3735e575b1f821d2262ad12f14aef680b23aca2e
SHA256

eace7dbe1de734d094f6a39b4eee2b3259db02a38f14cdccf3006af7c6b8b3b5
SHA512

45b5544401a34bd88f2cffb8b0674a4659a3895d411e315adbc4c99f87879952f1dfb3bf2780e42c0e3c37079a0abe0a0bec7d5cecf07eb1dec7626a19f72484
SSDEEP

196608:mcfvHBPNq+B0P8YpNo1zfVjuqQiZ26sSfFai02b51kNPve2+Qb4hwee0+nc5:NXRsQ07o1zdUiZjsIJ02b5112+QbKec5

Score

10^/10

Malware Config

Extracted

Family

rhadamanthys

https://135.181.4.162:2423/97e9fc994198e76/5vasbsn8.w2nxs

Targets

- Target
  
  Solara/Debug/Addition.dll
- Size
  
  30KB
- MD5
  
  f22e849a370cdf127f48beab596bdd81
- SHA1
  
  fb1da47c7a246f2cda7f7686a468efafd9933b1e
- SHA256
  
  8be1f5581437b6f5ba48705e8956c8bc0765bbd1d6053242640c75bd94048aa9
- SHA512
  
  6ded81fe4d4db69586d74fdb425c4fc8c092508e7e0b49eb141a9045abf40626d14659fa6237a3920e58571ca7acf4911cdf03c4307fd89b6dc5e54172afbc14
- SSDEEP
  
  768:Fol18SuOO3bBAughXjNPQsXVjWuu7jqWdTS2gS:er6tAugVjN4sXJYjqWdm2V
Score

1^/10
behavioral1
- Target
  
  Solara/Debug/Helper.dll
- Size
  
  189B
- MD5
  
  9bb9aba5dd893bbccfa45e2d75d55d26
- SHA1
  
  5714796513341ac3159a6a3c23d4769209063d35
- SHA256
  
  6b325cadd8992d998c4fbc8ed56079c2850b68ea2d38432d51c26ce82b0a5419
- SHA512
  
  f57df9a4a02bd17772acb3ac1a0d961c53f6940600b58834ae38c198a98ae651a21b382450b267aeffbca4ab262668ae471a78ed99bf9dfa414c1316056a289b
Score

1^/10
behavioral2
- Target
  
  Solara/Debug/Resource.dll
- Size
  
  10.7MB
- MD5
  
  641dadbb3f03938da99bf7c6c4cc482f
- SHA1
  
  b21bdb69a17642ade8e62fcbd779ff1bc89ea809
- SHA256
  
  883aefb081a1f9ef974ceb16e12c215e92fee13531c052279404bd11b2f8e479
- SHA512
  
  7aea5f0db9b261a17801124d6eef0df2d3ada4a6f624c8f4f2ee519a61171a3f06de9032493e3309a1a982fd1218613dde73a942942df2a8ec367e7f66a531f5
- SSDEEP
  
  196608:8B4DNtjVoWhIdAXplnpnh4uIKZ2K245peMKU3lRM9RVIO+QvSNG2uM+XGE4:04vWGIun1GKZ/2aZKU3lRvO+QvQgGP
Score

1^/10
behavioral3
- Target
  
  Solara/Packaged/Resource.dll
- Size
  
  189B
- MD5
  
  4427aeee68321d0f4d7befa74e669f83
- SHA1
  
  4670003762a1c217c9e8ea48fcc53f2871a7c341
- SHA256
  
  a9661f89b8d957f4e71cbe1ba0342a39e5b50a1d80d974e2e1b349a273967f1b
- SHA512
  
  9d9156aa8fdebf19363fed2edb82235642c8c20549369470e44fdc0db41324e2160968fd7dd43eecce1ce3da9c03dd05cdefc8d903a9d0394f5ca9a73f5c5fa3
Score

1^/10
behavioral4
- Target
  
  Solara/Solara.exe
- Size
  
  432KB
- MD5
  
  3ad28512794a4e91397f2903543e7220
- SHA1
  
  514e414f6bbcf4fc4991d4df3b48d66c6c8efa8a
- SHA256
  
  115c0569f04cd121172cb2b7689a67715db4f7e33cb2c0a04eaa4de59078293b
- SHA512
  
  f1dc4a8f6d69cc9589e2dea82aca91c3f46da1d322e0138862d9be3ccd6754c8624cb77b37d8884f7402cc1c747845f10993aa80ac9b50e2f19feaac9589e3a6
- SSDEEP
  
  6144:yzEo3MgLXCbN91YdOnCjhIoCQ8uUiEXJTUfs5wOSzmaq55SeFrLVNaG:TQMgAjCaoguvE59uzmaqnx/
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of SetThreadContext
behavioral5
- Target
  
  Solara/accessibilitycpl.dll
- Size
  
  274KB
- MD5
  
  f316026e08074300cbdcd8453bfd3116
- SHA1
  
  c7494558e98e42930b83349ea816963147242fba
- SHA256
  
  a28ef80b49f85f95f929d5c40245b05f95d58bb672764c3539ce69098db9bcc2
- SHA512
  
  cb205111f99cdd4ab930644dfc910f82015175c452be330dcdbee3cff3a07234bf6e77c5967a33fb02ec0bdd993b96b19964160a5511dcfa684a77508aede047
- SSDEEP
  
  6144:2f/fsr6htcMmmdxeAXXDoDGNIPTympgJp3P:O/fsr6hCtUxeLymW
Score

1^/10
behavioral6
- Target
  
  Solara/oleprn.dll
- Size
  
  148KB
- MD5
  
  e0f375597c9bc2d444be3dc6a65f06e9
- SHA1
  
  11589152b702675bb211054020e33f2659c34842
- SHA256
  
  3e595c971729c2eb7879b6ce468d11e286ea98fa8c1abf93abbc5888542013d0
- SHA512
  
  0299035f227cf1285d1f149c5e67805d1f8c78469fd6fefdbc4616b3f555f7f52c8addc0dc004ce9971223a48892ce0ecee316e4d5dd6583a02093b7d8d866c0
- SSDEEP
  
  3072:DcSblOUyLB7OCm6U0FRwOyu3tkdwdxyDhkpN0Fc:Dc+8UyLBOmrwOyVOl
Score

1^/10
behavioral7
- Target
  
  Solara/wwancfg.dll
- Size
  
  103KB
- MD5
  
  997b0b584ffab0b7ff9cbbfc60d60bd2
- SHA1
  
  2985c0144da0e9f5dcc0092ac54a5ff99a63f761
- SHA256
  
  c4b1f99e87b4568b5b9ff2ded05cebc55376051d44877f5574f2c125566ce604
- SHA512
  
  b77553b7a2f5a55ad4dfa49f241961ddce650dd490f0b15b52dfc3c7018e2ba7d28f8387e150177ea3cf12c827afa7a2b7b9eec863199a829a11311bd9607b69
- SSDEEP
  
  1536:IGYSem4xUPfgSD0B7+Kcdo5j0XNijwb8Pxsr8jtlelXLZpFtBH0:xYcpPfgSDWa3dJU88pNpUlXVXjH
Score

1^/10
behavioral8

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Rhadamanthys family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8