rhadamanthys | fad83422bd338909393c57663ab1bcafb94ec684f74fdb95aaad925e82567fa3 | Triage

Submit
Reports

Overview

overview

Static

static

3

Launcher.exe

windows7-x64

Launcher.exe

windows10-2004-x64

Sharing

General

Target

Launcher.exe
Size

4.8MB
Sample

240616-b6jn9syaqp
MD5

f3b1dd838a59c419431c5aa86c1a4feb
SHA1

85ac1eb8a03bedcfbc3d44cedeb802f5cae2ea0a
SHA256

fad83422bd338909393c57663ab1bcafb94ec684f74fdb95aaad925e82567fa3
SHA512

dbaac6b3c531cd84eac6a9440534d18cbc599826357b1efe36cdd16be163bd68c6ddd4d3211efca0d5e8c2ca6868cfb0fb3c3e0584c515b89e1ab1cac8ef6889
SSDEEP

98304:1vW7Ru1fkpfVmr/V9JfzD+p05u9qgo67Smy9BHbCMMjgml7/lg+QXcAz:JibHmTJfzAyQRoRmA1H8eFsA

Score

10^/10

rhadamanthys execution persistence pyinstaller stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Launcher.exe

Resource

win7-20240221-en

rhadamanthys execution pyinstaller stealer upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Launcher.exe

Resource

win10v2004-20240611-en

rhadamanthys execution persistence pyinstaller stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Launcher.exe
- Size
  
  4.8MB
- MD5
  
  f3b1dd838a59c419431c5aa86c1a4feb
- SHA1
  
  85ac1eb8a03bedcfbc3d44cedeb802f5cae2ea0a
- SHA256
  
  fad83422bd338909393c57663ab1bcafb94ec684f74fdb95aaad925e82567fa3
- SHA512
  
  dbaac6b3c531cd84eac6a9440534d18cbc599826357b1efe36cdd16be163bd68c6ddd4d3211efca0d5e8c2ca6868cfb0fb3c3e0584c515b89e1ab1cac8ef6889
- SSDEEP
  
  98304:1vW7Ru1fkpfVmr/V9JfzD+p05u9qgo67Smy9BHbCMMjgml7/lg+QXcAz:JibHmTJfzAyQRoRmA1H8eFsA
Score

10^/10

rhadamanthys execution pyinstaller stealer upx persistence
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

rhadamanthysexecutionpyinstallerstealerupx

behavioral2

rhadamanthysexecutionpersistencepyinstallerstealerupx

© 2018-2024

Terms | Privacy