General

  • Target

    4323e177e7292dc4d69a9599c3a7e6e98f16da5e8ce42ecafbee66f0eef3113d

  • Size

    298KB

  • Sample

    230419-h29s8aha45

  • MD5

    cfe77c111ee1e91bed663aa8d389902d

  • SHA1

    52804794228dd2b5e92a823bdcbea9006e8cc2b7

  • SHA256

    4323e177e7292dc4d69a9599c3a7e6e98f16da5e8ce42ecafbee66f0eef3113d

  • SHA512

    3fd56ab372d510b2f4199edd0004541be246aaff6850f694ddbf3b32c27d7c3e4311896ea6de276bc943e944c91acebeec02c2d1c46b088ff27d492265def1d7

  • SSDEEP

    6144:D6RQwSMLKGiKKQRxZhCMZlplsUkYkUOYPDWJ:4Qd/GiPQ5h7Dp+cR
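The five digests above identify the analysed file; before pivoting on a report like this one, confirm the copy you hold is actually the reported sample rather than a repacked variant sharing a filename. The following script is an added example, not the sandbox vendor's code: it computes MD5, SHA-1, SHA-256 and SHA-512 in one streaming pass and compares them with the values listed in this report. The file path on the command line is an assumption; SSDEEP is not covered because it needs a third-party module.

```python
"""Verify a file on disk against the digests listed in the report above.

Added example for this page (not the sandbox vendor's tooling). The expected
values are copied verbatim from the General section; the sample path is an
assumption supplied on the command line.
"""
import hashlib
import sys

# Digests exactly as printed in the report's General section.
EXPECTED = {
    "md5": "cfe77c111ee1e91bed663aa8d389902d",
    "sha1": "52804794228dd2b5e92a823bdcbea9006e8cc2b7",
    "sha256": "4323e177e7292dc4d69a9599c3a7e6e98f16da5e8ce42ecafbee66f0eef3113d",
    "sha512": (
        "3fd56ab372d510b2f4199edd0004541be246aaff6850f694ddbf3b32c27d7c3e"
        "4311896ea6de276bc943e944c91acebeec02c2d1c46b088ff27d492265def1d7"
    ),
}


def _new_hashers() -> dict:
    """One hashlib object per algorithm the report lists."""
    return {name: hashlib.new(name) for name in EXPECTED}


def digests(data: bytes) -> dict:
    """Compute all four digests of an in-memory byte string."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digests(), but streams the file so large samples never sit in RAM."""
    hashers = _new_hashers()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, expected: dict = EXPECTED) -> dict:
    """Per-algorithm match map, so a partial agreement (e.g. an MD5 collision
    with a differing SHA-256) is visible rather than collapsed into one bool."""
    return {
        name: actual.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def is_reported_sample(actual: dict) -> bool:
    """True only when every listed digest matches. SHA-256 alone would suffice
    cryptographically; requiring all four also catches a transcription error
    in the report itself."""
    return all(compare(actual).values())


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>   (path is an assumption)
    result = digests_of_file(sys.argv[1])
    for algo, ok in compare(result).items():
        print(f"{algo:6s} {'MATCH' if ok else 'MISMATCH'}  {result[algo]}")
    sys.exit(0 if is_reported_sample(result) else 1)
```

Exit status 0 means the file is byte-for-byte the sample this report describes; anything else means the indicators below (C2 URL, signatures) may not apply to what you have.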

Malware Config

Extracted

  • Family

    rhadamanthys

  • C2

    http://179.43.142.201/img/favicon.png
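The extracted C2 is a bare IP literal serving a path that looks like a site favicon, so there is no DNS lookup for resolver-based detections to see and the request blends in with ordinary image fetches; proxy or flow logs are the place to hunt for it. The script below is an added example, not the sandbox vendor's code: it parses the C2 URL from this report and scans Squid-style proxy access-log lines for hits, distinguishing an exact URL match from other requests to the same host. The log format and every log line are constructed for the demonstration.

```python
"""Hunt proxy logs for the C2 extracted from this sample.

Added example for this page (not the sandbox vendor's code). C2_URL is the
value the report extracted; the Squid-style access-log format and the sample
lines in SAMPLE_LOG are constructed assumptions for the demonstration.
"""
from urllib.parse import urlparse

# C2 URL as extracted by the sandbox (Malware Config section above).
C2_URL = "http://179.43.142.201/img/favicon.png"
_c2 = urlparse(C2_URL)
C2_HOST = _c2.hostname   # '179.43.142.201'
C2_PATH = _c2.path       # '/img/favicon.png'

# Constructed Squid access.log lines (assumed format):
# <epoch> <elapsed_ms> <client> <cache/status> <bytes> <method> <url> <user> <peer> <content-type>
SAMPLE_LOG = """\
1681900001.123    215 10.0.0.15 TCP_MISS/200 4312 GET http://179.43.142.201/img/favicon.png - HIER_DIRECT/179.43.142.201 image/png
1681900002.456     30 10.0.0.22 TCP_HIT/200 1150 GET http://example.org/favicon.ico - NONE/- image/x-icon
1681900003.789    180 10.0.0.15 TCP_MISS/200 9920 GET http://179.43.142.201/img/favicon.png?v=2 - HIER_DIRECT/179.43.142.201 application/octet-stream
1681900004.000     12 10.0.0.31 TCP_MISS/404 500 GET http://179.43.142.201/img/logo.png - HIER_DIRECT/179.43.142.201 text/html
"""


def parse_squid_line(line: str):
    """Split one access-log line into the fields the hunt needs; None if malformed."""
    fields = line.split()
    if len(fields) < 7:
        return None
    return {
        "ts": float(fields[0]),
        "client": fields[2],
        "status": fields[3],
        "bytes": int(fields[4]),
        "method": fields[5],
        "url": fields[6],
        "ctype": fields[-1],
    }


def classify(rec: dict):
    """'c2_exact' for the reported URL (query string ignored, since operators
    append cache-busters), 'c2_host' for any other request to the C2 address,
    None otherwise."""
    u = urlparse(rec["url"])
    if u.hostname != C2_HOST:
        return None
    return "c2_exact" if u.path == C2_PATH else "c2_host"


def hunt(log_text: str) -> list:
    """Return (client, verdict, url) for every line that touches the C2."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_squid_line(line)
        if rec is None:
            continue
        verdict = classify(rec)
        if verdict:
            hits.append((rec["client"], verdict, rec["url"]))
    return hits


if __name__ == "__main__":
    for client, verdict, url in hunt(SAMPLE_LOG):
        print(f"{verdict:8s} {client:12s} {url}")
```

Two things worth noting from the constructed lines: the third request returns `application/octet-stream` for a `.png` path, which is the kind of mismatch between URL extension and served content type that is worth alerting on by itself, and the fourth request to a different path on the same host still surfaces as `c2_host`. Treat the IP as a time-bounded indicator: hosting addresses are reassigned, so age it out rather than blocking it indefinitely.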

Targets

    • Target

      4323e177e7292dc4d69a9599c3a7e6e98f16da5e8ce42ecafbee66f0eef3113d

    • Size

      298KB

    • MD5

      cfe77c111ee1e91bed663aa8d389902d

    • SHA1

      52804794228dd2b5e92a823bdcbea9006e8cc2b7

    • SHA256

      4323e177e7292dc4d69a9599c3a7e6e98f16da5e8ce42ecafbee66f0eef3113d

    • SHA512

      3fd56ab372d510b2f4199edd0004541be246aaff6850f694ddbf3b32c27d7c3e4311896ea6de276bc943e944c91acebeec02c2d1c46b088ff27d492265def1d7

    • SSDEEP

      6144:D6RQwSMLKGiKKQRxZhCMZlplsUkYkUOYPDWJ:4Qd/GiPQ5h7Dp+cR

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first observed in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks