Rhadamanthys, a complex multi-modular information stealer, has reached version 0.9.2 with significant updates. The malware now uses PNG files to deliver payloads, implements new evasion techniques, and changes its custom executable formats. Key modifications include a new message box that mimics Lumma stealer, updated string encryption, and expanded configurability. The malware continues to evolve, focusing on refinements and customization options while keeping its core design. These changes aim to disrupt analysis tools and detection methods. The authors are professionalizing their operation, treating Rhadamanthys as a long-term business venture with tiered pricing and expanded product offerings.
Author: AlienVault
Related Tags:
png payload
configurability
encryption
T1059.006
T1027.002
evasion
T1056.001
rhadamanthys
T1562.001
Associated Indicators:
C19716B262E928D83252D75A1FF262786DF6CBB221132A0ADA08EF3293C091B7
4EC1902E8CD21D2D5A65465111A1883920BB6C898189DAC34D618766B1C4FA66
DF24D62310C018BA8817F0B70788E6BEC546F234BB56116F90BF5B7F19C87901
B43D35A26681C7F214CE3BD90AF35BC3272008C169C5B1B4E7E6AF7398E3E3C4
8F54612F441C4A18564E6BADF5709544370715E4529518D04B402DCD7F11B0FB
59722B8869D17C5A805DD9FEBE70295B78AFD53E4F3B0E26CD76EA1E772E6818
7ACAE2490A0FF1AE3A31F89346FE4E0630259A344C2A6F38BF75F34F8FE9987E
CBDB3D2E0A845B134576FABCC2260AA5BD995B9F3B43483AB704C6787409012D
B429A3E21A3EE5AC7BE86739985009647F570548B4F04D4256139BC280A6C68F