General
- Target: c1e4d8cca13adfcd4b7baa0eaf520972.bin
- Size: 1.2MB
- Sample: 230420-canh1seg86
- MD5: 838e140daa3312313d9c4c54cc555800
- SHA1: 8f313732d67730c8e0d6a230be42ea822d941d80
- SHA256: 87c7648d555bf196d920fc2d6d35e32a328ab5e00631dd1f572862676931e8d2
- SHA512: eaacfe8fb3733b7061adec92837588f6dbf1ed9de3a28240434cac99f35e854fdff32edb131af34eb238efc7cbacdc26a2900fe6493d2f2484dbab637cd350ff
- SSDEEP: 24576:9KDCInxhWIcFaEfDES01kEZg3liFaDrtmxZcTBn6ZyLe:eHcF/fDz2ZgsFIrtms56Zce

Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: b71c9fa76559692a04807f0e669631f42a65f210bd0d043735fc945cb3155a15.exe
  - Resource: win7-20230220-en
- Behavioral task: behavioral2
  - Sample: b71c9fa76559692a04807f0e669631f42a65f210bd0d043735fc945cb3155a15.exe
  - Resource: win10v2004-20230221-en

Malware Config
- Extracted
  - Family: amadey
  - Version: 3.70
  - C2: 212.113.119.255/joomla/index.php

Targets
- Target: b71c9fa76559692a04807f0e669631f42a65f210bd0d043735fc945cb3155a15.exe
- Size: 1.2MB
- MD5: c1e4d8cca13adfcd4b7baa0eaf520972
- SHA1: 95e1976b0fdb0e7caf240faaa896ce42624a0cb4
- SHA256: b71c9fa76559692a04807f0e669631f42a65f210bd0d043735fc945cb3155a15
- SHA512: f98f675971588d79e75e8abfd17aa3c692e48b0223a60bb98e2a98cb686c0e5d53882e415b1f5d69ea07267ef08631b4932bc520b488feee2c59df07d6dbe7de
- SSDEEP: 24576:Dy7bhfU7DmI1OueY0um4TvMMDpm660eNi8qQscTHn238lExZYG2w:W3hf0x1HetzOpm60k8gcTnmTxGV
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.