General

  • Target

    setup.exe

  • Size

    298KB

  • Sample

    230420-axyamaec96

  • MD5

    df16d5e9904bbaff20a19abc2649cde9

  • SHA1

    9a9b44f7ac4b5ec6a31faa61444e906ef47e8467

  • SHA256

    411ae76fa21378768d5038fa423837cf9909e5f91fa15e04e9a1c4a364b5b3a7

  • SHA512

    67335a822f25e5f87c9ed03f3945dc92ee8cdf06326a60cfa9083b16c4ec9d8721731dcf145e281b02c7e4a252fb2e2bd9a785286164bade0b4c0d02c808dc9c

  • SSDEEP

    6144:AiUlFQB0QCCJuve4fOQH+5abvsc74Rzxhl0asJg4/ve3:AFFBYx4fvKcEJa

Malware Config

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Target

      setup.exe

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks