General
Target: 1022e82ce96f17dae4654aabb7aa6620cb36ff461c97a32859f1946c31b95c76
Size: 1.1MB
Sample: 230420-c6ekzsfa82
MD5: d03fb76ee375f2a4c8b6022f76dcce07
SHA1: 29165788a382dc62a22e05e127f1e750662798f9
SHA256: 1022e82ce96f17dae4654aabb7aa6620cb36ff461c97a32859f1946c31b95c76
SHA512: ddaa972b753258b25d835b81944d132b4897e81df8c357be4099c2cf61f823fba8fb3c27a4b6cad7c5103835c3db100cf0a7aa7310299f4c483b0e5094e5e87d
SSDEEP: 24576:7yX+HKSAW3zCaODuALAv0COfYl1maSWc8gFpE8VK/9:uX5SAW3zCJq30DqmahclFpk
Static task: static1
Behavioral task: behavioral1
Sample: 1022e82ce96f17dae4654aabb7aa6620cb36ff461c97a32859f1946c31b95c76.exe
Resource: win10v2004-20230220-en
Malware Config (extracted)
Family: amadey
Version: 3.70
C2: 212.113.119.255/joomla/index.php
Targets
Target: 1022e82ce96f17dae4654aabb7aa6620cb36ff461c97a32859f1946c31b95c76 (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: an info stealer written in C++, first seen in August 2022.
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
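The registry and file-access signatures above can be reproduced as simple detection logic over an API trace, which is useful when triaging similar samples outside the sandbox. The script below is an added example written for this report, not the sandbox vendor's code: it matches per-process API events against one rule per signature and flags processes that trip more than one. The `pid|api|target` trace lines are constructed for the example and are not from this sample's run; the Run, Uninstall, Geo\Nation and Outlook Profiles registry paths are the documented Windows locations, while the wallet directory names are an assumption. The process and network signatures (PE download, dropped EXE/DLL) are not modelled here.

```python
"""Match a sandbox API trace against the behaviours the report lists.

Added example for this report, not code from the sandbox vendor. The trace
lines below are constructed (pid|api|target) and do not come from the
sample's real run; the registry locations are the documented Windows ones,
the wallet directory names are an assumption.
"""
import re
from collections import defaultdict

# One rule per signature from the report: (signature, APIs that count, path regex).
RULES = [
    ("Adds Run key to start application",
     {"RegSetValueExW"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.I)),
    ("Checks installed software on the system",
     {"RegOpenKeyExW", "RegEnumKeyExW", "RegQueryValueExW"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)", re.I)),
    ("Checks computer location settings",
     {"RegOpenKeyExW", "RegQueryValueExW"},
     re.compile(r"\\Control Panel\\International\\Geo(?:\\Nation)?$", re.I)),
    ("Accesses Microsoft Outlook profiles",
     {"RegOpenKeyExW", "RegEnumKeyExW", "RegQueryValueExW"},
     re.compile(r"\\Microsoft\\Office\\\d+\.0\\Outlook\\Profiles(?:\\|$)", re.I)),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     {"CreateFileW", "FindFirstFileW"},
     # Assumed wallet locations under %APPDATA%; extend for your environment.
     re.compile(r"\\(?:Electrum\\wallets|Exodus|Ethereum\\keystore)(?:\\|$)", re.I)),
]

# Constructed trace: pid 4120 behaves like the report's sample, pid 820 is a
# benign process that only reads the Uninstall key and opens (not writes) Run.
TRACE = r"""
4120|RegOpenKeyExW|HKCU\Control Panel\International\Geo
4120|RegQueryValueExW|HKCU\Control Panel\International\Geo\Nation
4120|RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4120|RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4120|RegOpenKeyExW|HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
4120|CreateFileW|C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet
4120|RegSetValueExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Startup
820|RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
820|RegOpenKeyExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run
"""


def parse_trace(text):
    """Turn pid|api|target lines into event dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pid, api, target = line.split("|", 2)
        events.append({"pid": int(pid), "api": api, "target": target})
    return events


def match_event(event):
    """Return the signature names a single event satisfies."""
    return [name for name, apis, pattern in RULES
            if event["api"] in apis and pattern.search(event["target"])]


def summarize(events):
    """Map each pid to the set of signatures its events triggered."""
    hits = defaultdict(set)
    for event in events:
        for name in match_event(event):
            hits[event["pid"]].add(name)
    return dict(hits)


def flagged_pids(events, minimum=2):
    """Pids with at least `minimum` distinct signatures. A single hit is
    common in benign software (installers enumerate the Uninstall key)."""
    return sorted(pid for pid, names in summarize(events).items()
                  if len(names) >= minimum)


if __name__ == "__main__":
    trace_events = parse_trace(TRACE)
    for pid, names in sorted(summarize(trace_events).items()):
        print(pid, sorted(names))
    print("flagged:", flagged_pids(trace_events))
```

The threshold in `flagged_pids` is the practical point: reading the Uninstall key or the Geo\Nation value is routine for legitimate installers and localized software, so a single matching event is weak evidence, while the combination of a geofence lookup, software enumeration, mail-profile and wallet access and a Run-key write from one process is the stealer profile the report describes.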