Technical Analysis of Rhadamanthys Obfuscation Techniques

Key Points

Rhadamanthys is an information stealer that consists of two components, the loader and the main module (responsible for exfiltrating collected credentials).
The malware implements complex anti-analysis techniques by using a public open source library.
Rhadamanthys is capable of extracting credentials of various applications such as Keepass and cryptocurrency wallets.
One of the detected loaders uses a virtual machine (based on Quake III) in order to protect several parts of its code.
Rhadamnthys uses a variation of the Hidden …

analysis anti-analysis applications code credentials cryptocurrency cryptocurrency wallets iii information information stealer keepass key key points library loader loaders machine main malware obfuscation open source order protect public responsible rhadamanthys stealer technical technical analysis techniques virtual virtual machine wallets