General

  • Target: 819f205321820abba99f60f9d77ed869975de1cbc8bbb4c2e5df45360fc94f31
  • Size: 342KB
  • Sample: 230328-k45cmabg8y
  • MD5: 4005cfa52a2428539a15e721c3ed5d8d
  • SHA1: 31dc3c9178e1ac710e89765d54f6219395c7dfcc
  • SHA256: 819f205321820abba99f60f9d77ed869975de1cbc8bbb4c2e5df45360fc94f31
  • SHA512: 3095af44d4e68dff5aaa6d2e43ec197c9d52a6df5f407ae973b38c40c68b75c5d16fed45f7b9ec92bed7a0e9dfc64764e07d620ef7dd379bab6cefe087826118
  • SSDEEP: 6144:/uE17JIRfmoORU308e4PYvs+pDeAedIfxoCSp:/l17JIpmoLkTAosWzqTF

Malware Config

Targets


    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery: Query Registry, T1012 (1)
  • Discovery: System Information Discovery, T1082 (1)
  • Collection: Email Collection, T1114 (1)
