Rhadamanthys Stealer Adds
Common Information
Type Value
UUID 712688d9-03c5-4994-be54-d95ecf316e2a
Fingerprint e6332637978907628b138079f972a1221b5ac0dbb8d03e34d90a76aa3e2351f3
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 25, 2024, 9:57 p.m.
Added to db Oct. 1, 2024, 3:25 p.m.
Last updated Oct. 1, 2024, 3:28 p.m.
Headline Rhadamanthys Stealer Adds
Title Rhadamanthys Stealer Adds
Detected Hints/Tags/Attributes 180/4/241
Attributes
Details Type #Events CTI Value
Details Domain 546
www.recordedfuture.com
Details Domain 34
exploit.im
Details Domain 19
thesecure.biz
Details Domain 1
right.com.cn
Details Domain 28
telegra.ph
Details Domain 2
cryptor.biz
Details Domain 265
recordedfuture.com
Details Email 1
rhadamanthys@exploit.im
Details Email 1
kingcrete2022@thesecure.biz
Details File 27
msctf.asm
Details File 9
msctf.dll
Details File 1
imgdt.bin
Details File 3
bip39.txt
Details File 21
loader.dll
Details File 86
manifest.json
Details File 20
config.dat
Details File 48
applaunch.exe
Details File 1
4.sys
Details File 816
index.html
Details File 17
idaq.exe
Details File 16
idaq64.exe
Details File 30
autoruns.exe
Details File 30
dumpcap.exe
Details File 5
de4dot.exe
Details File 5
hookexplorer.exe
Details File 2
ilspy.exe
Details File 17
lordpe.exe
Details File 2
dnspy.exe
Details File 14
petools.exe
Details File 15
autorunsc.exe
Details File 11
resourcehacker.exe
Details File 29
filemon.exe
Details File 22
regmon.exe
Details File 64
procexp.exe
Details File 40
procexp64.exe
Details File 29
tcpview.exe
Details File 3
tcpview64.exe
Details File 74
procmon.exe
Details File 27
procmon64.exe
Details File 2
vmmap.exe
Details File 1
vmmap64.exe
Details File 2
portmon.exe
Details File 4
processlasso.exe
Details File 71
wireshark.exe
Details File 1
everywhere.exe
Details File 24
fiddler.exe
Details File 5
ida.exe
Details File 7
ida64.exe
Details File 11
immunitydebugger.exe
Details File 22
windump.exe
Details File 23
x64dbg.exe
Details File 28
x32dbg.exe
Details File 40
ollydbg.exe
Details File 56
processhacker.exe
Details sha256 2
643d2764447b953c2203f53263ea1d66a361ceda7b72c3cdac7d633413596647
Details sha256 2
1b0215062992174a807e9203688e5727a27c8aaf8a1b5dbdcd10d0d0ea89f7aa
Details sha256 2
31db744883c163774f75f9ed915f991a460517f793ccdd8e5fb05964b7b0789c
Details sha256 2
cc8b0af0cd9c2a09c33e266729d526f64e147901710140596942726c68ca820f
Details sha256 2
0bdaf3ea7f4b9a47d5d2a8d2309cc251eacce1abe2ab47e873a4bda82c8c3ace
Details sha256 2
b2a9ce1b9474564ed479861222f41161bca44bf584953f5c13348b0d5d3ab8ab
Details sha256 2
03c72cfabace07b6787d2d1fd66d6d6d9a2fbcb74a827ca4ab7e59aba40cb306
Details sha256 2
3290e7b795b9e84bd9c7233290b3df4bd404945451fa845ff613b9a394be63de
Details sha256 2
c339bc88c7ecc7c7d099e8457e16a7094fc2243e68ec30041d048b4f97b224c1
Details sha256 2
5abee9b851bc50e1399c5604376e2c8599b721eea0a24d231204726a8b1e5b6b
Details sha256 2
95897f8814e4c651671799af51c40fbe0a2334827683c82640627e270c57d9d7
Details sha256 2
0d3a0b5c502bdeeeda6930a71896e5adf70a0338f290be3b8edc9f8fe03b312f
Details sha256 2
d75a5e432832ffd4deaa2bccd75e01fa0a511e0874c2ac8a8c0bb199b01b439f
Details sha256 2
aeb4171ec2a9f0400f54d5dd7a89041bc89ffa61627d26c20297fa849a37ffe9
Details sha256 2
07c39df94416dfb58f22a0a1e46c8a9e2a2db3e273282574fbf13f574ec62b55
Details sha256 2
528f6c8f0c5d2399ea77e134bb4b4ab72883b4a8abe45e51dcef0e4abce0ce7e
Details sha256 2
80cebeda935ad7e193a97b4053d667caf31938b6500cc700df1e77a2f8bd208c
Details sha256 2
29d05396755f6102a42f199698b499b8d088324e8c79cc4cbb392d7ce1a5f40d
Details sha256 2
bb1464e75c750d90c0c49d148c9e64eefe0c29b2f670d708c8085ddd3104dbfe
Details sha256 2
314fe9383a2d78cbd2bf0f8014210c53c346b7995d1e86f72ec4d666b43586c9
Details sha256 2
7213da4c9a6a8cbf1d0e90ac3bfc082c8c92d4147ccc7fbc45c0a96270a36b0d
Details sha256 2
0b1ca7ed4460ba1fa8e6a0fbbca8dba4ff9e0a148521a3c79b6a14aef157f0ae
Details sha256 2
4575e0cc175fe8062123d5043ac3e40b3f8d7834305b87be392bf545f4e06151
Details sha256 2
6404ac4cac4d53dbbe19c6cef158ea1e2d1e263710058c140cee70b6881efacf
Details sha256 2
b90e166ad379671547a1ca303474d2d91773cc8bfce72e59344ac91ff3d51eb4
Details sha256 2
34918278f6eb6b5e3afa8da406eb3c5a4cc3b7c4a1cee55320fecdbef4e0a463
Details sha256 2
079caeb8f65bf60f958ed97244bc86fce83765614b22e4122d76435e50c23432
Details sha256 2
741b85f17765f4f17c342195642a39a34c8274c01e436b97b4e9294538310fd4
Details sha256 2
f158ce347d17fc8ad7504d5eb54cfb894237228dc9da46be26a5159fc07df94f
Details sha256 2
876c6f4d85012dc4c8a34598efe8f29c9f238a7b2a55444f45b062df258837ba
Details sha256 2
a32c1877d61900c22bd203158c18662cdfe360c88d3fc48b03532b1b935a1781
Details sha256 2
026b74331d4a67543a6ed4e636ef15ed5bc582daa3d143a8d4413b77801987b6
Details sha256 2
e62ba1c16c87313e0ae8a6c4ccf31eebca0927009c31e2317458aa09777a6ff8
Details sha256 2
5773216e3a9c0120fb5b08108b22ca4e175b2d4aa66107e33e72c95e283e8280
Details sha256 2
f9bdf078977c7fc938d3d0b4d4788f810af4791d502a7dbb5fee05bb633019da
Details sha256 2
e8a5b628a7fa45595eecb1f92d353d8b5d175d94f7befac803f11b1ffaf24e21
Details sha256 2
e53705f07a3a1ac7ca56ab495ba6d8fac9667d1a5a53eba3806f3acef2354ed1
Details sha256 2
6135bdbcfd9f824b3da0bef2ba73018a998967e20c5d0274c6a1c0433649b017
Details sha256 2
cbdaaf3f0cee70700df7c69c015fb98f5a69fb374cb1b9f57b8136813468b9db
Details sha256 2
e36bbdf75e56c4d0562ba5aba9e78d483a6196fe1ec891cc71ef9db5556c9c81
Details sha256 2
f9d1a3b43fdeca1691af785f6bdfb445c224e46e58be9d27ba4d77801ef2183f
Details sha256 2
99bd6ee7da4edad447fba55a6b11538927013586ef617e70a0ff4765adae22db
Details sha256 2
3005dac31220c8a2abef6fa332ef2a7e37843364c8ba5e1636e6679ec17febdb
Details sha256 2
6df2f4ce49b4fe7ef70623f25367380e14ce6f4a01fd06d8278bde1c712a9df0
Details sha256 2
b5bc03acaeb80ef98945cc3e0e7726276feb68e05b4e4811727b6d500cd67e37
Details sha256 2
d03e607e00e4e7dc4e5709a5ba73c21c923cdec0387cf3d7f2ec0c2d9979e370
Details sha256 2
2fc82bf903409c53ed2b488b7920be9df0c60835d12bb21c45c27384e4a1ff38
Details sha256 2
5c109b1d10f6969c8f4c6073180b15464c91937f33765bcbd2890d8dc0ca9220
Details sha256 2
7a03776b44cd724c05d692c4d78b09e9b8a1ea7e2c049d448dc79cf5d3d753f3
Details sha256 2
22beb0b11f2d0af021ed7514b2a382e2bd1f7e02e6a811fd4c903a75fce19d93
Details sha256 2
60cc28ae765bee54fb21f9291765a8930c9e18fe0e8f61ffc35996c6e72c5410
Details sha256 2
e5cc2137f5d4b69307e0a08ec5da4e35dc74648f262ed649c086d823cceb073f
Details sha256 2
0a8d8d26ed46de316efab3e7b31e46c5afb1fa67bfe950e1a8a27d79c78912b8
Details sha256 2
1fd5d4bbe948c9c60602392c338ea07fdbe44dea6216013a62c180aea97d2c1f
Details sha256 2
2003e381ae90e155ee9e413ecb9d696b5e01b0774a619fd72a02d31b85e74177
Details sha256 2
57acff4f016a60dde891df70d69d020853e679e2a5c99e4d3a605f1e11f33bd3
Details sha256 2
c0bdfba4ce1dd72f3c9b18459eaefdc17bb3612f2bb71888f9da5239ff84cc24
Details sha256 2
618fa764a0ab38d55e9904b562cc33408ff870eee38fef0897fbce8ad4c0ed0b
Details sha256 2
eaede80aa7400cd537e6a02385b397f38e76884b4d2122f05e7e6f021846f6a6
Details sha256 2
760a286108560faeb1f7f08b428d96aa1a88b17cc80d5d48847451efc0ed33cb
Details sha256 2
8088aedd53e360cee68378465155fa95aab5b583ac863a2e83cb5817f90c47ab
Details sha256 2
37017880268199de83a2080d1e23abd021f1ce76c2bbf68f95b1905f672c172f
Details sha256 2
9c6c64d5df68dc25fdb0c4ad021c9ecae9388f33717227eb9c8cd956b20e531d
Details sha256 2
4112161c45eae51019c33c6b5f5c3fb3024681ecf925d1c1af1f9c95066d428c
Details sha256 2
1f25fcaab335b52fe140bdedbce4e86a9e1b7bc0f31a9553ef55fa680d05cb37
Details sha256 2
9a97d52df9c7434cc01b4a26500b6584765fe7fb4ab1f9761724daba07948f6d
Details sha256 2
0a27c79559df172c25afb1d7ff16c0c220fb75925e5d61ec9ed54b83b0d71863
Details sha256 2
0218063602407eab13b71f311ed1be489c95f7dd2a6f8681871cb9025158ba8f
Details sha256 2
bd86b97948754903efe08cdb8b90c045e2fd10b6a7be88f94453e2489b2313c3
Details sha256 2
f4c0791bfc731d2774477d3b5e5164df302dbe2c732d4937be818ba712753e14
Details sha256 2
f2efe88c8041ccc776859c8b80fb981cf1cf9805b80fc66500738c223a88c713
Details sha256 2
35a70792a57447358477e5ca678420f14f577ed8e7956c9ee9013b8633d7feac
Details sha256 2
d94ffbeb0ca3a1ed919281dc57e95cd34064bc053f59ec69d9cdbb5d6a714b36
Details sha256 2
2fb0ca131bf1578752451e129c0e0de79a1eb58315e807949eb5dcedf68d750b
Details sha256 2
469789801593b0582e7da5acaf9e17c02776f6783d378ce42e90a817be5aedc6
Details sha256 2
8dca5512413cc1620911c1be69ae058e5040aba01178170ad0eb46f95667f51a
Details sha256 2
c27cba4a291c6dacc6d0c941b7bc0420e20a575902b207dd15f289509ba29314
Details sha256 2
7587be1d73dd90015c6200921d320ff0edcec19d7465b64d8ab8d12767c0f328
Details sha256 2
10ac0976b8f00ee4cdc65d473236a881a44c91a0d3ccdd5210c7a5bb3c41f920
Details sha256 2
9827f74e7c31c2399da388ff8f1039455b1739542dbaa16bf86bf23d38e8f07b
Details sha256 2
bb8bbcc948e8dca2e5a0270c41c062a29994a2d9b51e820ed74d9b6e2a01ddcf
Details sha256 2
cff554d01ac17319ba2fec1acd8a3262386b3a01592741194b4fb05924e302e1
Details sha256 2
141ee34a8afb8f5a9d47e4910395bc70098a40ab46eb65bf3fb0b8e7c415c956
Details sha256 2
93510385e8c133675c386fec3e080fb27c536f6e8bbb640f766d09de65351cff
Details sha256 2
2bce0f081ce235caa11d047b750271c636b394c20e2188659edbeb7ffc591aba
Details sha256 2
df97eb504ed5a3298737f83d418d70025f3be0daf56d6ccae35ec0d2ef813b20
Details sha256 2
22a728ef7efea571769b481eaa224b4ae1f0151ae899ac2f30f3493e8e8166ee
Details sha256 2
bab017ca2aa472dc3b0370dba0bd356939a62947f4ff83ef4810a70a68fab1df
Details sha256 2
14a61d65ae287dde9da0482d7abda0fc32f116b16ed9fdeef56f35b3d6cf27fb
Details sha256 2
67825f431a99f551c9d75539be11907c3bcf91e9d55b6a91be221e4193eba49e
Details sha256 2
c1680857ca2993539b1cf3040f144cd26e324c0091ef7e4e500a390584c98b66
Details sha256 2
819fff43c92af475d74a65fec08f8477df6c3f36c5c746c794d79d71f8c97dda
Details IPv4 1
5.230.67.168
Details IPv4 1
38.180.100.139
Details IPv4 1
38.180.188.69
Details IPv4 1
45.61.166.131
Details IPv4 1
45.152.84.68
Details IPv4 1
45.159.188.37
Details IPv4 1
45.202.35.41
Details IPv4 1
57.128.169.122
Details IPv4 1
74.81.56.118
Details IPv4 1
77.91.78.112
Details IPv4 1
77.221.148.235
Details IPv4 1
77.238.245.97
Details IPv4 1
77.238.248.142
Details IPv4 1
80.66.75.110
Details IPv4 1
80.66.79.88
Details IPv4 1
81.19.131.103
Details IPv4 1
83.217.209.45
Details IPv4 1
83.217.209.52
Details IPv4 1
85.209.90.135
Details IPv4 1
88.99.62.143
Details IPv4 1
89.23.103.235
Details IPv4 1
89.117.152.61
Details IPv4 1
89.117.152.231
Details IPv4 1
89.208.103.86
Details IPv4 1
92.246.139.134
Details IPv4 1
94.232.249.76
Details IPv4 1
94.232.249.92
Details IPv4 1
95.216.91.91
Details IPv4 2
95.217.44.124
Details IPv4 1
103.148.58.146
Details IPv4 1
103.148.58.151
Details IPv4 1
103.148.58.152
Details IPv4 1
103.173.179.189
Details IPv4 1
104.234.167.212
Details IPv4 1
107.189.28.160
Details IPv4 1
135.181.4.162
Details IPv4 4
139.99.17.158
Details IPv4 1
142.132.161.168
Details IPv4 1
144.76.133.166
Details IPv4 1
147.45.44.107
Details IPv4 1
147.45.44.126
Details IPv4 1
147.45.44.143
Details IPv4 1
147.45.44.187
Details IPv4 1
147.45.44.195
Details IPv4 1
147.45.70.184
Details IPv4 1
147.124.220.233
Details IPv4 1
149.102.143.198
Details IPv4 1
154.216.17.85
Details IPv4 1
154.216.17.126
Details IPv4 1
154.216.17.181
Details IPv4 1
154.216.18.122
Details IPv4 1
154.216.19.149
Details IPv4 1
162.254.34.46
Details IPv4 1
167.88.170.44
Details IPv4 1
170.205.38.149
Details IPv4 1
172.236.107.96
Details IPv4 1
178.22.31.64
Details IPv4 1
185.161.251.6
Details IPv4 1
185.161.251.67
Details IPv4 1
185.184.26.10
Details IPv4 1
185.196.10.175
Details IPv4 1
185.196.11.237
Details IPv4 1
185.209.161.207
Details IPv4 1
185.234.216.132
Details IPv4 1
192.30.242.19
Details IPv4 1
192.30.242.44
Details IPv4 1
193.124.205.63
Details IPv4 1
193.143.1.77
Details IPv4 1
193.188.20.191
Details IPv4 1
193.200.134.94
Details IPv4 4
198.135.48.191
Details MITRE ATT&CK Techniques 409
T1566
Details MITRE ATT&CK Techniques 695
T1059
Details MITRE ATT&CK Techniques 420
T1204
Details MITRE ATT&CK Techniques 627
T1027
Details MITRE ATT&CK Techniques 121
T1218
Details MITRE ATT&CK Techniques 440
T1055
Details MITRE ATT&CK Techniques 238
T1497
Details MITRE ATT&CK Techniques 113
T1552
Details MITRE ATT&CK Techniques 23
T1552.002
Details MITRE ATT&CK Techniques 1006
T1082
Details MITRE ATT&CK Techniques 585
T1083
Details MITRE ATT&CK Techniques 534
T1005
Details MITRE ATT&CK Techniques 89
T1114
Details MITRE ATT&CK Techniques 289
T1003
Details MITRE ATT&CK Techniques 444
T1071
Details MITRE ATT&CK Techniques 550
T1112
Details Url 1
http://ip:443/admin/console/index.html
Details Url 1
https://cryptor.biz/crypt
Details Windows Registry Key 1
HKCU\SOFTWARE\SibCode\sn2
Details Windows Registry Key 1
HKCU\SOFTWARE\SibCode\sn
Details Windows Registry Key 1
HKCU\SOFTWARE\SibCode
Details Windows Registry Key 1
HKCU\Software\SibCode\sn
Details Windows Registry Key 1
HKCU\Software\SibCode\sn2
Details Yara rule 1
rule Rhadamanthys {
	// Matches the first-stage Rhadamanthys Stealer binary on three features:
	// a PE header, a narrow file-size window, and a distinctive ".textbss"
	// section header plus at least one marker string.
	meta:
		author = "Insikt Group, Recorded Future"
		date = "2024-08-07"
		description = "Detects the 1st stage of the Rhadamanthys Stealer Malware"
		version = "1.0"
		hash = "643d2764447b953c2203f53263ea1d66a361ceda7b72c3cdac7d633413596647"
		hash = "1b0215062992174a807e9203688e5727a27c8aaf8a1b5dbdcd10d0d0ea89f7aa"
	strings:
		// One 40-byte section header whose name is ".textbss" (2E 74 65 78 74 62 73 73):
		// 8 wildcard bytes, then 20 zero bytes, then the trailing bytes 80 00 00 E0.
		// The layout is consistent with an IMAGE_SECTION_HEADER whose raw-data size,
		// pointers and relocation counts are all zero - confirm against a sample.
		$textbss = { 2E 74 65 78 74 62 73 73 [8] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 E0 }
		// Product-name string the sample carries; presumably a masquerade value
		// in its version resource (naming suggests this - not verified here).
		$masq = "Roland GS Sound"
		// 8-byte constant and 16-byte filler string; the names suggest XOR key
		// material, which the rule itself does not establish.
		$xor1 = { F6 35 8D FA 4F A7 98 E6 }
		$xor2 = "xxxxxxxxxxxxxxxx"
	condition:
		// Little-endian read of the "MZ" magic (0x5A4D) - identical to
		// uint16be(0) == 0x4D5A - a 350KB..600KB size window, the section
		// header, and any one of the three marker strings.
		uint16(0) == 0x5A4D
		and filesize > 350KB
		and filesize < 600KB
		and $textbss
		and any of ($xor*, $masq)
}