General

  • Target

    0eb5488f5d60ac50cd1008b3bd218c30004d99565b054f31f895f3dcb655474e

  • Size

    342KB

  • Sample

    230328-g9pbtahd46

  • MD5

    1a87f7e1fce546ae4a067a991a957bf4

  • SHA1

    8133878905cc8d5bd81fa3ecd4c377eae1ed02e5

  • SHA256

    0eb5488f5d60ac50cd1008b3bd218c30004d99565b054f31f895f3dcb655474e

  • SHA512

    ea1713b99352ef78b622542398580c83d4937af51757d52dfbaa3e74a8b382e179fbd966199be852d8e71f6d263c91db5f062f33694283d463fe3e92c2bf2ae0

  • SSDEEP

    6144:fgMO+oEfGjm3C+Bx97BE7P3Z4KBFeBqzPF:fgMO+ooGhO7BEDJ4KTe0zPF

Malware Config

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    Query Registry (1 hit) T1012

    System Information Discovery (1 hit) T1082

  • Collection

    Email Collection (1 hit) T1114

Tasks