rhadamanthys | ff7284f443ac1839a20dff816f93f2f7e09a3c3e50cf9b8d479c620fc282ddcc | Triage

Submit
Reports

Overview

overview

Static

static

3

winprofile

windows7-x64

1

winprofile

windows10-1703-x64

Sharing

General

Target

ff7284f443ac1839a20dff816f93f2f7e09a3c3e50cf9b8d479c620fc282ddcc
Size

1.7MB
Sample

240614-ahpd6sxbnd
MD5

4363d52fe7027df2212ad2b3333ebaf9
SHA1

beac1fc8c012a28cb9f38f6e4296278543048fcf
SHA256

ff7284f443ac1839a20dff816f93f2f7e09a3c3e50cf9b8d479c620fc282ddcc
SHA512

bb5bcb9f7b42d370b86ad7d4c16605d9bf755fd2291a70716facc2aa62baf45aabf068882c413334332af5819a97c9c4d7703edb9ec84edd8e87c57bab36acee
SSDEEP

24576:ZMm5SH6MIl3LkGDhsmD/U0wA77v+M0yYvh3J9oeVaEJyqH2ai519He:ZMm5Lnl7kSUEXvAyUh3J9oeVaEk5rHe

Score

10^/10

rhadamanthys spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ff7284f443ac1839a20dff816f93f2f7e09a3c3e50cf9b8d479c620fc282ddcc.exe

Resource

win7-20240508-en

windows7-x64

1 signatures

300 seconds

Behavioral task

behavioral2

Sample

ff7284f443ac1839a20dff816f93f2f7e09a3c3e50cf9b8d479c620fc282ddcc.exe

Resource

win10-20240404-en

rhadamanthys spyware stealer

windows10-1703-x64

9 signatures

300 seconds

Malware Config

Targets

- Target
  
  ff7284f443ac1839a20dff816f93f2f7e09a3c3e50cf9b8d479c620fc282ddcc
- Size
  
  1.7MB
- MD5
  
  4363d52fe7027df2212ad2b3333ebaf9
- SHA1
  
  beac1fc8c012a28cb9f38f6e4296278543048fcf
- SHA256
  
  ff7284f443ac1839a20dff816f93f2f7e09a3c3e50cf9b8d479c620fc282ddcc
- SHA512
  
  bb5bcb9f7b42d370b86ad7d4c16605d9bf755fd2291a70716facc2aa62baf45aabf068882c413334332af5819a97c9c4d7703edb9ec84edd8e87c57bab36acee
- SSDEEP
  
  24576:ZMm5SH6MIl3LkGDhsmD/U0wA77v+M0yYvh3J9oeVaEJyqH2ai519He:ZMm5Lnl7kSUEXvAyUh3J9oeVaEk5rHe
Score

10^/10

rhadamanthys spyware stealer
- Detects DLL dropped by Raspberry Robin.
  Raspberry Robin.
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

rhadamanthysspywarestealer

© 2018-2024

Terms | Privacy