General

  • Target

    022d2d5d987d62b063babf696d533b69df489ed4d6aaac69340c0be6e57ae957

  • Size

    423KB

  • Sample

    230414-x8t4nsch91

  • MD5

    b95cc3f250673542941d61a097a230bb

  • SHA1

    b0b95daf5f8144f64a0ee4e1ae17426af0e11875

  • SHA256

    022d2d5d987d62b063babf696d533b69df489ed4d6aaac69340c0be6e57ae957

  • SHA512

    2b8a1e436f1f37027e20dffb8d3141cf46209bf38b7b0e2e143f25623ec9a9367512c5db8814dc881a983261d73fad49990eecb17ab4224f11f1682b0c01a53b

  • SSDEEP

    6144:CV8v9Yt8HvOCr8OSl6DzU2MEewbZwPxzx3mUw8hmG857O7bbLdgt:CV8Ot8P3r8OSUDzUJlPxz4UwbKbL

Malware Config

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks