General

  • Target

    b8c2b5094dac8f5a85a4ef5a4b57d28d6e3a3715517ef1d1c8b0bbf796956412

  • Size

    298KB

  • Sample

    230420-c6nhwsfa88

  • MD5

    e1bbc2b75f9c9ba600e8b835ecf56156

  • SHA1

    7eae7524bac62dbdbb9a2d7ad92a0aed37c72bde

  • SHA256

    b8c2b5094dac8f5a85a4ef5a4b57d28d6e3a3715517ef1d1c8b0bbf796956412

  • SHA512

    7fee7f0116b37ae89d7468c55f437244b3b40692d66a8e705999564830630d6e0fc37e29d305f8970bb068dd9d8c86c549a46ea71f019adb74371d9a9a14bffe

  • SSDEEP

    6144:akVxEdZSQ+u4bQCKjlHW6stViqI3g4/ve:RxEdM84CZBIiqW

Malware Config

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks