General
Target: setup.exe
Size: 424KB
Sample: 230419-bms4lahb8x
MD5: f9916f55a46a20c8510b200e234ba773
SHA1: 9a23bd0f39833053746b27d8f2a03eeba3b2f57d
SHA256: dc40df8ce62ea7db5eb023b523dfc987645557e69d4b359ef80df36f200d599c
SHA512: c50757b3ceb70ca8e429ddc73f91e12eb17830b6b46ebe7e09a7516df863cd75c9d38309ca27bf296d5cb8a508fb360fd44ea911d976aa703e98bddc24439de6
SSDEEP: 6144:RdPOqD+awlv1QLShpF6Pv6EOMiNi3S1gx3KKqqs/QTTEhFzReqRIv:RdxDev1QLYj63Olvubqqs/QvIpgqCv
Static task: static1
Behavioral task: behavioral1
  Sample: setup.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: setup.exe
  Resource: win10v2004-20230221-en
Malware Config
Extracted
rhadamanthys
http://179.43.142.201/img/favicon.png
Targets
Target: setup.exe
Score: 10/10
Detect rhadamanthys stealer shellcode
Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
Accesses Microsoft Outlook profiles