General

  • Target

    c11d03e675bc640bd27d956804ff4a726be89cc3baf6e1c4f8f4322f7e810ddc

  • Size

    423KB

  • Sample

    230414-z8n9jaca55

  • MD5

    1cd4b1c01e7fa9bdd1e9994cbb7da989

  • SHA1

    0833a224bd76520424b875ac602af9201ca6d172

  • SHA256

    c11d03e675bc640bd27d956804ff4a726be89cc3baf6e1c4f8f4322f7e810ddc

  • SHA512

    e1967175bfc2fe5145100e6a1f84594bb8040079cf07c70e66090a14af2e86d1f6e43944ea5b89afd702e5005467aabc3db92eab573c696337e2e4e22c5dad70

  • SSDEEP

    6144:1c88FfOyNX3z1ENI4u1DC0xGDazzBOwalUjeqReR0KkPtaSxi:1cpft535EWF1DF4Wz9OwalaeRRQ0

Malware Config

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks