General

  • Target

    2f5d656bdb9f72da1bd1e33c2dd53886bb8d4b4f009c0f8b52110c2bfb0050cb

  • Size

    298KB

  • Sample

    230419-3qvkdaea74

  • MD5

    d978c2cc32e297988336cb02b7066dc7

  • SHA1

    ed417d052093970dcd82f776cb5bd9d552af2625

  • SHA256

    2f5d656bdb9f72da1bd1e33c2dd53886bb8d4b4f009c0f8b52110c2bfb0050cb

  • SHA512

    59d5931a723f6c0fd973fe3e0e3966d689ce9f6dd0eaaeea86433b81ff4fe2d2fe2037bccd275a171935202cc9f6942c709cecd2c4f1e9bfe1ee9efe8b9e708d

  • SSDEEP

    6144:nYCWpAZsddT5w4gympGTnLsM7546+W3g4/ve:nGpAZ03wMLL7RZ

Malware Config

Extracted

  • Family

    rhadamanthys

  • C2

    http://179.43.142.201/img/favicon.png

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks