General

  • Target

    28f9616bc6f9b40aaab2b1394cc574f09605397e6e36d235ea08b6d61b038d8c

  • Size

    297KB

  • Sample

    230419-ftr74aac2t

  • MD5

    e44e3b836aa7b7730052cb343e0a2333

  • SHA1

    322cff7ac9ac075c29013ce29fb82f04da675565

  • SHA256

    28f9616bc6f9b40aaab2b1394cc574f09605397e6e36d235ea08b6d61b038d8c

  • SHA512

    782ebeb4b8340ddc25c898eb82d0a4d444e19dba91e647564669c3733d64dd111117de4e2494556e75bbf111e968cef3c68801d0d77a03805090e3bbbebaf184

  • SSDEEP

    6144:VeR03yOFQH0Gzr6+vZpz7dR+PwjDyq5YPDWJ:WDX0krb1APw

Malware Config

  • Extracted

  • Family

    rhadamanthys

  • C2

    http://179.43.142.201/img/favicon.png

Targets


    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks