rhadamanthys | 7dea4330525071e258fa1ec05d1aa44abdc046a9d7cbc7aab5cb6a10ebaf00dd | Triage

Submit
Reports

Overview

overview

Static

static

1

file.html

windows7-x64

file.html

windows10-2004-x64

1

Sharing

General

Target

file
Size

312KB
Sample

240613-w9dyeaxgjg
MD5

062033d29b2360355a50a03e588e350b
SHA1

0db5ea48582d67a6efca5d78edafab8bc655a778
SHA256

7dea4330525071e258fa1ec05d1aa44abdc046a9d7cbc7aab5cb6a10ebaf00dd
SHA512

4c15de043d288da5175be1d65eecdb97c68ff9f05a37c2a243520c0db5a3f3fabce56a1decec793b52dd36f0a9f812b988895039e810a9c269fdb4a4b67b6448
SSDEEP

3072:BiugAkHnjPIQ6KSEX/fHoPaW+LN7DxRLlzglKvVsuk:1gAkHnjPIQBSEnIPCN7jBvVsuk

Score

10^/10

rhadamanthys evasion stealer

Static task

static1

Behavioral task

behavioral1

Sample

file.html

Resource

win7-20231129-en

rhadamanthys evasion stealer

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.html

Resource

win10v2004-20240611-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  file
- Size
  
  312KB
- MD5
  
  062033d29b2360355a50a03e588e350b
- SHA1
  
  0db5ea48582d67a6efca5d78edafab8bc655a778
- SHA256
  
  7dea4330525071e258fa1ec05d1aa44abdc046a9d7cbc7aab5cb6a10ebaf00dd
- SHA512
  
  4c15de043d288da5175be1d65eecdb97c68ff9f05a37c2a243520c0db5a3f3fabce56a1decec793b52dd36f0a9f812b988895039e810a9c269fdb4a4b67b6448
- SSDEEP
  
  3072:BiugAkHnjPIQ6KSEX/fHoPaW+LN7DxRLlzglKvVsuk:1gAkHnjPIQBSEnIPCN7jBvVsuk
Score

10^/10

rhadamanthys evasion stealer
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

rhadamanthysevasionstealer

behavioral2

© 2018-2024

Terms | Privacy