rhadamanthys

General

Target

x64__installer___x32__.zip
Size

26.6MB
Sample

240624-rjg5xswdlg
MD5

951895db4798737e96a7b22f0451ef01
SHA1

2c9727632f4bfd3eda91b3fdd689ad53cfaae925
SHA256

f548d1ad81af9ffb56e07ae96aef96702160d06a84db8802679686ef2b51d85e
SHA512

82e6d3898bd5504e5f9aefbc2ea373468f217cff5d651db24c3ef84cae6ffb35d14700d11dab758661b114c8c4a674974efbb1bd31b4abf47af13591c88cb178
SSDEEP

393216:q/eG13sFOO/XnV5ZN5JNCyvmgrfB6rX9wAH8owLrgY+HhHgSIrA/d0FuIxi:qxrO/9N52yvmcJ6rXTcvL8wA/CXxi

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://gotry-gotry.com/2306s1.bs64

Targets

- Target
  
  x64__installer___x32__.zip
- Size
  
  26.6MB
- MD5
  
  951895db4798737e96a7b22f0451ef01
- SHA1
  
  2c9727632f4bfd3eda91b3fdd689ad53cfaae925
- SHA256
  
  f548d1ad81af9ffb56e07ae96aef96702160d06a84db8802679686ef2b51d85e
- SHA512
  
  82e6d3898bd5504e5f9aefbc2ea373468f217cff5d651db24c3ef84cae6ffb35d14700d11dab758661b114c8c4a674974efbb1bd31b4abf47af13591c88cb178
- SSDEEP
  
  393216:q/eG13sFOO/XnV5ZN5JNCyvmgrfB6rX9wAH8owLrgY+HhHgSIrA/d0FuIxi:qxrO/9N52yvmcJ6rXTcvL8wA/CXxi
Score

1^/10
behavioral1
- Target
  
  __x64___setup___x32__.zip
- Size
  
  26.6MB
- MD5
  
  6777a3e251426d31e4917717264661d3
- SHA1
  
  ccfd5dd35ba5610026698ea98b1bee04aefd9eb7
- SHA256
  
  e643e25579f46f7662cc7aa49c6e040bc682d87c62cf97eaa4e0f7530a6fc3bd
- SHA512
  
  7451f71dfe72be47142136d036f7670f944053fee45a9f76270d6ba4513399e23cb75c39f5615e328628eecdf6c159f6c38ddd847d97480ef33d62060b290d4f
- SSDEEP
  
  393216:C/eG13sFOO/XnV5ZN5JNCyvmgrfB6rX9wAH8owLrgY+HhHgSIrA/d0FuIxj:CxrO/9N52yvmcJ6rXTcvL8wA/CXxj
Score

1^/10
behavioral2
- Target
  
  setup.msi
- Size
  
  25.2MB
- MD5
  
  be2a13cfa57db16d3f654c5e444c360b
- SHA1
  
  7f45d2a4debbbca678cc5c300c59af01ca197bca
- SHA256
  
  b086cb6063a6fe194342b3dbe7639aebab02513305c95a914d052e87b54e0523
- SHA512
  
  978f4fb1e9df0785bbcd2734d4a7b32d3acab4a215075f0860ccc879bf65714e2c6eabba41ee7c38c0394a9a08b60757544034b21c336c2a3f233a411744953e
- SSDEEP
  
  786432:++aMGdE4CF4EgcHxa3pS58g0nfZ3AOnr:++aMGrCKEg+xwS5MGOr
Score

10^/10

rhadamanthys execution persistence privilege_escalation stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral3
- Target
  
  password.jpg
- Size
  
  50KB
- MD5
  
  10d7c64373b8a39e05782dff99e88aaf
- SHA1
  
  3327e3ba0e0dde05e00640121e9fcd50a49e937b
- SHA256
  
  c69692eaa6728d7658ec5f3a6a4bb06c42243993fdea491a009c02cba42f3e15
- SHA512
  
  a00aa2bc828b3eeac08f23e0516d20237c6200590344c702014770d7969fada6b210cd6d9a491c7105be3a1a928e75ec42b20061909b02afa11e1fb77466168e
- SSDEEP
  
  768:PHANnW5aGdd+AkSu4rksV6pfQCwCozi4BrA49d7uueqzjas//g:PHAATYrubYfQsCLVA4uueqzOn
Score

3^/10
behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Enumerates connected drives

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4