rhadamanthys | 3fbeae5e48d7f3b2ce4beac3347d9aa259fd2c9c6f5485ae166e74dc5268e071 | Triage

Submit
Reports

Overview

overview

Static

static

3

SecuriteIn...89.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Trojan.PackedNET.2810.20288.2689.exe
Size

5.8MB
Sample

240628-mlh3savckf
MD5

4a922d6992bf344a9c7644152f2197d6
SHA1

8c1b209d2e42e94932de731e4f537065582b2fff
SHA256

3fbeae5e48d7f3b2ce4beac3347d9aa259fd2c9c6f5485ae166e74dc5268e071
SHA512

f9bdf54587dc1ed1a19bd8183011ec6256bacd10f05cd8aff69835d687ad2584cf8e1bce48ab90ee44cb26164f84b45411dc3f925d9a8b701b61a69ba140d0fd
SSDEEP

98304:ZaXtcsYpSvHtspnAGNkg7O4MrThvpXO0xWs80ADgPmGzG5zEuACQZ+uCJ1:gjf2pnAGN17O4MZlnxVmgmG65zEfz+uU

Score

10^/10

rhadamanthys persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Trojan.PackedNET.2810.20288.2689.exe

Resource

win10v2004-20240508-en

rhadamanthys persistence stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Trojan.PackedNET.2810.20288.2689.exe
- Size
  
  5.8MB
- MD5
  
  4a922d6992bf344a9c7644152f2197d6
- SHA1
  
  8c1b209d2e42e94932de731e4f537065582b2fff
- SHA256
  
  3fbeae5e48d7f3b2ce4beac3347d9aa259fd2c9c6f5485ae166e74dc5268e071
- SHA512
  
  f9bdf54587dc1ed1a19bd8183011ec6256bacd10f05cd8aff69835d687ad2584cf8e1bce48ab90ee44cb26164f84b45411dc3f925d9a8b701b61a69ba140d0fd
- SSDEEP
  
  98304:ZaXtcsYpSvHtspnAGNkg7O4MrThvpXO0xWs80ADgPmGzG5zEuACQZ+uCJ1:gjf2pnAGN17O4MZlnxVmgmG65zEfz+uU
Score

10^/10

rhadamanthys persistence stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

rhadamanthyspersistencestealer

© 2018-2024

Terms | Privacy