General

  • Target

    cfdac35d0fc59889a54ace44c7bea14c94e07253f6fbe27524a114d3bd45ed9d

  • Size

    419KB

  • Sample

    230416-e4vwasgh95

  • MD5

    d5efb545de815504a4c97fbdf8810ef2

  • SHA1

    078f87f5859fa904187bb0265e8ab8abb3b8db46

  • SHA256

    cfdac35d0fc59889a54ace44c7bea14c94e07253f6fbe27524a114d3bd45ed9d

  • SHA512

    550500d1cc26ceee4237cd3e3432bc37e4e5bc96cff5fb8bbce4a3db92c674b13b5a06c4e5bb6e784330c3a20dc55040fd2a1352bcbf413c00d5a3ec190baed3

  • SSDEEP

    12288:98w7sRnSRhKSk/zGmxvXaAz3ouUZBsdq4:9d78n8hK/HxSm38Bsc4

Malware Config

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Target

      cfdac35d0fc59889a54ace44c7bea14c94e07253f6fbe27524a114d3bd45ed9d

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Accesses Microsoft Outlook profiles
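As an added example, not part of the sandbox report, the indicators above can be turned into a small IOC matcher: it computes the same file digests the report lists, classifies proxy log lines that reach the extracted C2 URL (exact beacon path) or merely its host (same IP, other path), and flags registry accesses under the Outlook profile keys that the "Accesses Microsoft Outlook profiles" signature refers to. The proxy log format, the Sysmon-style registry TargetObject strings and the Outlook profile key paths are assumptions; the report names neither the log format nor the exact key the sample reads.

```python
import hashlib
import re
from typing import Optional
from urllib.parse import urlparse

# Indicators copied from the report above.
IOC = {
    "md5": "d5efb545de815504a4c97fbdf8810ef2",
    "sha1": "078f87f5859fa904187bb0265e8ab8abb3b8db46",
    "sha256": "cfdac35d0fc59889a54ace44c7bea14c94e07253f6fbe27524a114d3bd45ed9d",
}
C2_URL = "http://179.43.142.201/img/favicon.png"
C2_HOST = urlparse(C2_URL).hostname  # 179.43.142.201

# Registry locations where Outlook keeps profiles. Assumption: these are the
# standard keys for Outlook 2016+ and for older Outlook/MAPI; the report does
# not say which key the sample touches.
OUTLOOK_PROFILE_KEYS = re.compile(
    r"\\Software\\Microsoft\\(?:Office\\\d+\.\d+\\Outlook\\Profiles"
    r"|Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles)\\",
    re.IGNORECASE,
)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, the same digests the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC}


def hash_match(data: bytes) -> bool:
    """True only if every listed digest matches; one mismatch means a different file."""
    return file_hashes(data) == IOC


def check_proxy_line(line: str) -> Optional[str]:
    """Classify one proxy log line.

    Assumed format: '<timestamp> <client_ip> <method> <url> <status>'.
    Returns 'c2_url' for the exact beacon URL, 'c2_host' for any other URL on
    the C2 host, None otherwise.
    """
    parts = line.split()
    if len(parts) < 4:
        return None
    url = parts[3]
    if url == C2_URL:
        return "c2_url"
    if urlparse(url).hostname == C2_HOST:
        return "c2_host"
    return None


def check_registry_target(target_object: str) -> bool:
    """True if a registry path (e.g. Sysmon event 12/13 TargetObject) is under an Outlook profile key."""
    return OUTLOOK_PROFILE_KEYS.search(target_object) is not None


# Constructed sample data for illustration; not taken from the sandbox run.
PROXY_LOG = [
    "2023-04-16T10:01:02Z 10.0.0.5 GET http://179.43.142.201/img/favicon.png 200",
    "2023-04-16T10:01:03Z 10.0.0.5 GET http://179.43.142.201/img/logo.png 404",
    "2023-04-16T10:01:04Z 10.0.0.7 GET https://www.example.com/favicon.png 200",
]
REGISTRY_EVENTS = [
    r"HKU\S-1-5-21-1\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676",
    r"HKU\S-1-5-21-1\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook",
    r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run",
]


def scan() -> dict:
    """Run both checks over the constructed sample data."""
    return {
        "proxy": [check_proxy_line(line) for line in PROXY_LOG],
        "registry": [check_registry_target(target) for target in REGISTRY_EVENTS],
    }


if __name__ == "__main__":
    print(scan())
```

The host-only match is deliberately reported separately from the exact URL: a Rhadamanthys loader fetches its stage from the configured path, but the same IP may later serve other paths, so a host hit is worth triage without being treated as a confirmed beacon. The SSDEEP value is not checked here because fuzzy hashing needs the ssdeep library, which is outside the standard library.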
