General

  • Target

    dff2e9fb94f1d24b1f48288af0bf9d3bf76dc039f6e270ef2c44eb26e96179af

  • Size

    298KB

  • Sample

    230419-v9956scd44

  • MD5

    9e6329c1ceaae892b709f20abcbefb96

  • SHA1

    ec8470ed41b0be82945b5182b186166e4eb95791

  • SHA256

    dff2e9fb94f1d24b1f48288af0bf9d3bf76dc039f6e270ef2c44eb26e96179af

  • SHA512

    2dabc7eabfba82f8fc807d0bf17035821b9ac28191aaedf27dc1aee27cd397dec5a75fc893ed4ea2e250e8619dbb58e34193a0d08db41a6ce073f0cd61ec2f12

  • SSDEEP

    6144:zholEa1TA7CFlBwVedSoxJfEbie4kLJF7s5YPDWJb:zoXUsB8edSoxibi27

Malware Config

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks