rhadamanthys | 4c55bb0be66138f9c0a14afe676b5f27bd5e51faf3116a5130e08ae810630ada | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-06-19...il.exe

windows7-x64

2024-06-19...il.exe

windows10-2004-x64

Sharing

General

Target

2024-06-19_81a91432728086f4e842b7548c663492_magniber_revil
Size

58.5MB
Sample

240619-lgghqasdpn
MD5

81a91432728086f4e842b7548c663492
SHA1

1159a7a62d0294f697aedd2331daa7068d39f163
SHA256

4c55bb0be66138f9c0a14afe676b5f27bd5e51faf3116a5130e08ae810630ada
SHA512

c7f25fe90f73c0a9bb81bc60aa1e53409ac04306ffee1370a5f265eea388d7ca82b84340c0481c61a98c4c0987f154e8ef448cb2b52800e2f4a06f33abe46e83
SSDEEP

1572864:hNpJfO/7sER9gQWwUPGxZH0Zfy7l41HJHvE5ZyDiEMKrM:hHwPDKDvMKA

Score

10^/10

rhadamanthys persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-06-19_81a91432728086f4e842b7548c663492_magniber_revil.exe

Resource

win7-20240419-en

rhadamanthys persistence stealer

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-06-19_81a91432728086f4e842b7548c663492_magniber_revil.exe

Resource

win10v2004-20240508-en

rhadamanthys persistence stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-06-19_81a91432728086f4e842b7548c663492_magniber_revil
- Size
  
  58.5MB
- MD5
  
  81a91432728086f4e842b7548c663492
- SHA1
  
  1159a7a62d0294f697aedd2331daa7068d39f163
- SHA256
  
  4c55bb0be66138f9c0a14afe676b5f27bd5e51faf3116a5130e08ae810630ada
- SHA512
  
  c7f25fe90f73c0a9bb81bc60aa1e53409ac04306ffee1370a5f265eea388d7ca82b84340c0481c61a98c4c0987f154e8ef448cb2b52800e2f4a06f33abe46e83
- SSDEEP
  
  1572864:hNpJfO/7sER9gQWwUPGxZH0Zfy7l41HJHvE5ZyDiEMKrM:hHwPDKDvMKA
Score

10^/10

rhadamanthys persistence stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

rhadamanthyspersistencestealer

behavioral2

rhadamanthyspersistencestealer

© 2018-2024

Terms | Privacy