General

  • Target

    3aa2d4932a82925ba0e3188a417b98e20e1dd1ec58e4ff86ae9e9919f649aba0

  • Size

    424KB

  • Sample

    230419-czkteshf2x

  • MD5

    bd42638275e4195d133c7da989dc8db5

  • SHA1

    c62a8d692f413509de64f02a35e5a02f20f529b8

  • SHA256

    3aa2d4932a82925ba0e3188a417b98e20e1dd1ec58e4ff86ae9e9919f649aba0

  • SHA512

    cca1529f3ee7cba64bdf7dfcadbe8a27846b03b252b18ab37508de01c9300f568025a3b61a80d2509cacb4b355b9a0ee402d08a4d1c184a3da5ddd652262120a

  • SSDEEP

    12288:2tldgq0jGHzT4TaSA8JCHiVt3JS8H6qv:2/dFETaH80Hi/3Q8aq

Malware Config

Extracted

  • Family

    rhadamanthys

  • C2

    http://179.43.142.201/img/favicon.png

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks