Key Insights:

- The Evolving Threat: The Rhadamanthys stealer, a multi-layered piece of malware, is now available in its latest iteration, version 0.5.0, which extends its capabilities and introduces new spying functions.

- Customizable and Dangerous: Its plugin system allows it to be tailored to various malicious needs, and it continues to use the custom XS1 and XS2 executable formats for its modules.

- Check Point Research's Expert Analysis: CPR provides a detailed breakdown of the stealer's components, offering insight into how they operate and their potential impact.

Understanding Rhadamanthys: A Comprehensive Look

Rhadamanthys, an advanced information stealer, is known for its many modules and its layered design. The malware, believed to have evolved from the Hidden Bee family, demonstrates significant technical sophistication.

Diving Deep into the New Features

The latest version, 0.5.0, brings a suite of enhancements:

  1. Observer Mode: A new surveillance function.
  2. Diverse Stub Construction: Greater flexibility through a choice of shellcode and .NET stubs, improving the stealer's evasion and infection capabilities.
  3. Rewritten Execution Process: A complete rewrite of the client execution process, fixing earlier bugs and improving reliability.
  4. Expanded Wallet Support: Improved cracking algorithms for a wider range of cryptocurrency wallets.

The Modular Architecture of Rhadamanthys

The power of Rhadamanthys lies in its modular design. It supports several scripting languages, including Lua and PowerShell, which makes it highly adaptable and dangerous. This version is no longer just a stealer: it is evolving into a multipurpose bot, equipped with keyloggers and system information collectors.

The Continuing Threat

Rhadamanthys is advancing rapidly and is positioning itself as a major player in the malware market. Its ongoing development indicates that it will remain a significant threat.

Check Point Customers Remain Protected

Check Point's XDR/XPR quickly identifies the most sophisticated attacks by correlating events across your entire security estate and combining them with behavioral analytics, real-time proprietary threat intelligence from Check Point Research and ThreatCloud AI, and third-party intelligence.

Comprehensive Prevention Across Your Entire Security Estate – endpoints, network, mobile, email and the cloud.

Check Point Threat Emulation provides comprehensive coverage of attack tactics, file types, and operating systems, and a signature has been developed and deployed to detect and protect customers against the threats described in this research.

Check Point's Harmony Endpoint provides comprehensive endpoint protection at the highest security level, which is crucial to avoiding security breaches and data compromise. Behavioral Guard protections were developed and deployed to protect customers against the threats described in this research.

Conclusion: As Rhadamanthys continues to evolve, staying informed and protected is crucial. The work done by Check Point Research (CPR) is invaluable in understanding and mitigating these threats.

For the full deep dive visit the CP<R> blog
