General

  • Target

    629c3efea4c90a25c438c9d244f66a1de834bd72b5d04db8c9a8e1b16262b4f1

  • Size

    297KB

  • Sample

    230419-tf61zsde6v

  • MD5

    cf62868d0fee1310262d769deba482b7

  • SHA1

    d53dd43610bbc5bb89c87aafd15f92373536ab06

  • SHA256

    629c3efea4c90a25c438c9d244f66a1de834bd72b5d04db8c9a8e1b16262b4f1

  • SHA512

    b487bdefdb517638902d3cd7cfdf64b2c92fa151304cdfa84e5a0185c0e067e6339b4d7027ff003a9650f3871b22d56a5dac3750d4c9b6bf8e83cd52ad3f78a1

  • SSDEEP

    3072:IbunJmzNjsGs/kEAbMQuyPjhahGbNal2TCI+AJNjchM1jndZ4kgnU5r+wYPDpJKP:CQ6jj/bdLacEl21+A8i1pmRGHYPDWJ

Malware Config (extracted)

  • Family

    rhadamanthys

  • C2

    http://179.43.142.201/img/favicon.png

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks