rhadamanthys | 6ed0f1bc6415e6d8b736f0ab0cd8f2702154922b83d5336bc334a113a96605ff | Triage

Submit
Reports

Overview

overview

Static

static

1

setup.msi

windows7-x64

6

setup.msi

windows10-2004-x64

Sharing

General

Target

setup.msi
Size

24.1MB
Sample

240609-s6pnysca8y
MD5

020e143c50268e236a173e1271ab3d29
SHA1

24d92085a827fc66273305b2140685cf154b2184
SHA256

6ed0f1bc6415e6d8b736f0ab0cd8f2702154922b83d5336bc334a113a96605ff
SHA512

bea4dfd0ca74e6a45466b3e7b59d7d9c8debfe2f4ff40c079047b26b36eae9f6c08bfc448edd981e75d173e76c21bc7f6ec08660cfe660748026c9aecd8530cd
SSDEEP

393216:v7mYTELaw2xTbhKG7yEt27tLk8NNurG8BRaP2XW56KTMHUCZS/u:vREZ2xTbh97yEStZN69yPAnKFC8G

Score

10^/10

rhadamanthys execution stealer

Static task

static1

Behavioral task

behavioral1

Sample

setup.msi

Resource

win7-20240221-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

setup.msi

Resource

win10v2004-20240426-en

rhadamanthys execution stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://opensun.monster/25053.bs64

Targets

- Target
  
  setup.msi
- Size
  
  24.1MB
- MD5
  
  020e143c50268e236a173e1271ab3d29
- SHA1
  
  24d92085a827fc66273305b2140685cf154b2184
- SHA256
  
  6ed0f1bc6415e6d8b736f0ab0cd8f2702154922b83d5336bc334a113a96605ff
- SHA512
  
  bea4dfd0ca74e6a45466b3e7b59d7d9c8debfe2f4ff40c079047b26b36eae9f6c08bfc448edd981e75d173e76c21bc7f6ec08660cfe660748026c9aecd8530cd
- SSDEEP
  
  393216:v7mYTELaw2xTbhKG7yEt27tLk8NNurG8BRaP2XW56KTMHUCZS/u:vREZ2xTbh97yEStZN69yPAnKFC8G
Score

10^/10

execution rhadamanthys stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

rhadamanthysexecutionstealer

© 2018-2024

Terms | Privacy