rule Rhadamanthys {
	// Flags the first-stage Rhadamanthys Stealer loader: a PE sanity check,
	// a file-size window, one unusual section header and at least one of the
	// sample-specific strings must all hold.
	meta:
		author = "Insikt Group, Recorded Future"
		date = "2024-08-07"
		description = "Detects the 1st stage of the Rhadamanthys Stealer Malware"
		version = "1.0"
		hash = "643d2764447b953c2203f53263ea1d66a361ceda7b72c3cdac7d633413596647"
		hash = "1b0215062992174a807e9203688e5727a27c8aaf8a1b5dbdcd10d0d0ea89f7aa"
	strings:
		// One complete 40-byte IMAGE_SECTION_HEADER whose Name is ".textbss":
		//   8-byte name, [8] wildcards for VirtualSize/VirtualAddress,
		//   20 zero bytes for SizeOfRawData, PointerToRawData, PointerToRelocations,
		//   PointerToLinenumbers, NumberOfRelocations and NumberOfLinenumbers,
		//   then Characteristics 0xE0000080 (little-endian 80 00 00 E0 =
		//   uninitialised data | execute | read | write).
		// ".textbss" is normally only emitted by MSVC incremental (debug) linking,
		// so its presence in a shipped binary is itself a weak indicator. The
		// pattern is matched anywhere in the file, not only inside the section table.
		$section_textbss = { 2E 74 65 78 74 62 73 73 [8] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 E0 }
		// Product-style name the loader masquerades under.
		$masquerade_name = "Roland GS Sound"
		// Named "xor" by the author: presumably XOR key material of the first
		// stage (one fixed 8-byte key, one 16-byte placeholder key) — verify
		// against the two hashes above. The 16-x string is generic on its own and
		// only carries weight because the section header must also match.
		$key_bytes = { F6 35 8D FA 4F A7 98 E6 }
		$key_placeholder = "xxxxxxxxxxxxxxxx"
	condition:
		// "MZ" DOS signature (little-endian read of the first two bytes),
		// 350KB < filesize < 600KB, the .textbss section header, and any one
		// of the key/masquerade strings.
		uint16(0) == 0x5A4D
		and filesize > 350KB and filesize < 600KB
		and $section_textbss
		and ($key_bytes or $key_placeholder or $masquerade_name)
}
Type Yara Rule
Details Published Attributes CTI Title
Details Pdf 2024-09-25 241 Rhadamanthys Stealer Adds