Rhadamanthys 0.9.x - walk through the updates
Essential information
- Published
- 01/10/2025 20:28
- Modified
- 01/10/2025 22:26
- Tags
- 2025-10-01 configurability custom formats encryption evasion png payload rhadamanthys stealer
- Related entities
- 51 observables, 18 techniques (mitre)
Description
Rhadamanthys, a complex multi-modular stealer, has released version 0.9.2 with significant updates. The malware now uses PNG files to deliver payloads, implements new evasion techniques, and introduces changes to its custom executable formats. Key modifications include a new message box mimicking Lumma stealer, updates to string encryption, and enhanced configurability. The malware continues to evolve, focusing on refinements and customization options while maintaining its core design. These changes aim to disrupt analysis tools and detection methods. The authors are professionalizing their operation, treating Rhadamanthys as a long-term business venture with tiered pricing and expanded product offerings.