General

  • Target: 60de8bdb2a6664035303aa070639569e.bin

  • Size: 276KB

  • Sample: 230420-bp638sgf2y

  • MD5: f8a6d28d751d599f635ee99ae9ad2e96

  • SHA1: a73a7e385353080bec32b3df8e687d9d32b8282b

  • SHA256: bf79c70e729869008ea1de45c2b7e4a997d7407a4325dc15fb004722d9f7383b

  • SHA512: 405206ed3412e82a4aa482503e8be4dbb1690fc604384062c307388c7e7dd00611cf6010503607ebcc2c0ab6ebe7fc9539e6dff59e60a3ad89ff7b51595e8b6e

  • SSDEEP: 6144:9vvjXypXB3vfToCPmnMXDGboLTK5KUXGnjr4ppDcWmkkf:Qpx/f0M2n59XGnjrUhe

Malware Config

Extracted

  • Family: rhadamanthys

  • C2: http://179.43.142.201/img/favicon.png

Targets

    • Target: 9e28586ab70b1abdccfe087d81e326a0703f75e9551ced187d37c51130ad02f5.exe

    • Size: 423KB

    • MD5: 60de8bdb2a6664035303aa070639569e

    • SHA1: 3579d2cc4d9ef28953a62ffecd331f955e7bf783

    • SHA256: 9e28586ab70b1abdccfe087d81e326a0703f75e9551ced187d37c51130ad02f5

    • SHA512: bb6e262f10b3bad04d16857ba949f9a4acb468808ff8e19a6344521ec4e5e7ef993bfb931f7e2d731a3db2383720f0c533d027ab712959595bbb0fa2f9cebda8

    • SSDEEP: 6144:wRZY1s8KffUHDK9AbETusTTFW2hv00deZb63IXDnDD2LAMIv:wfcsbfeDKzTHTFxcdtdze0nv

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks