Rhadamanthys v0.5.0 – A Deep Dive Into The Stealer’s Components

Rhadamanthys is an information stealer with a diverse set of modules and an interesting multilayered design.

In their previous article on Rhadamanthys, Check Point researchers focused on the custom executable formats used by this malware and their similarity to a different family, Hidden Bee, which is most likely its predecessor. In this article they do a deep dive into the functionality of the modules and the cooperation between them. The first part of the article describes the loading chain that is used to retrieve the package with the stealer components. In the second part, the research team takes a closer look at those components, their structure, abilities, and implementation.

Source: Check Point