General

  • Target: a499e4d7f71cb83c442b02f45dc986a42c6fef18ffc0efb9a54287671e063cc2

  • Size: 423KB

  • Sample: 230415-b3v8wscf65

  • MD5: 125d1cf1adccdd7c0e0058f02d7dcfc4

  • SHA1: 31ae25eb8cc617c94335773eb0261614554d9e19

  • SHA256: a499e4d7f71cb83c442b02f45dc986a42c6fef18ffc0efb9a54287671e063cc2

  • SHA512: e9e0b496e8ae722c58952dae5dc3f0942b1b87f2792741c05106792ae9249a44b6689560cf1e8cb87bb32ac26a375aa6f249643c0093e4d205ddd733da02d601

  • SSDEEP: 6144:IXyk2QYypRGEMkhlnKa+WvGdUjR7ODpTi:IX92B+RGEMsh+de7Ok

Malware Config

Extracted

  • Family: rhadamanthys

  • C2: http://179.43.142.201/img/favicon.png

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks