General

Target: 513c2e6464a187db3a83c3694bf19af41a7de41db217fcc40b4f2b80771bb6a5
Size: 1.0MB
Sample: 230420-cb55fseh22
MD5: 0d6a2cd518c71a9956376dbd6ed2179e
SHA1: e883a1f2c079b33e93500bfa3aa80c6142e38470
SHA256: 513c2e6464a187db3a83c3694bf19af41a7de41db217fcc40b4f2b80771bb6a5
SHA512: 718234c3e794e4236ada71e656f3679324e8c051d70d6993497a4abd824c4939098cda7a0347cb67ba0c3b8719d36137ef72172204ff1b6dda84a061a39441e0
SSDEEP: 24576:yyyEkNOMEpM+cyXzP/TdG3AC6IBpL6dU:ZZkNOvcA3TdGfB4
Static task: static1
Behavioral task: behavioral1
Sample: 513c2e6464a187db3a83c3694bf19af41a7de41db217fcc40b4f2b80771bb6a5.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: amadey
Version: 3.70
C2: 212.113.119.255/joomla/index.php
Targets

Target: 513c2e6464a187db3a83c3694bf19af41a7de41db217fcc40b4f2b80771bb6a5
Size: 1.0MB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General.
Signatures

Both an Amadey configuration (above) and Rhadamanthys stealer shellcode were detected in this run; together with the download and dropped-file signatures below, this is consistent with a loader fetching and running a second-stage stealer, although the report itself does not state which detection belongs to which stage.

Detect rhadamanthys stealer shellcode
Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
Downloads MZ/PE file
Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the host.
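The behavioural signatures above, plus the C2 host from the extracted Amadey config, expressed as detection logic over a constructed Sysmon-style event log. This is an added example, not the sandbox's own signature implementation: the pipe-delimited event format, the PIDs, SID, image names and the specific registry and file paths chosen for each rule are assumptions made for the demonstration, and the "Executes dropped EXE" rule is deliberately stateful, counting a process start only when the same image was written earlier in the log.

```python
"""Behavioural-signature matching over a constructed Sysmon-style event log.
Added example, not the sandbox's signature code; event format, PIDs, SID,
image names and rule paths are assumptions for the demonstration."""
import fnmatch
from collections import defaultdict

# Stateless rules: (signature name from the report, event operation, path globs).
# Registry paths use the HKU\<SID> spelling; '*' also matches across backslashes.
RULES = [
    ("Checks computer location settings", "RegistryQuery",
     [r"HKU\*\Control Panel\International\Geo\*"]),
    ("Checks installed software on the system", "RegistryQuery",
     [r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*",
      r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*"]),
    ("Adds Run key to start application", "RegistrySet",
     [r"HKU\*\Software\Microsoft\Windows\CurrentVersion\Run\*",
      r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*"]),
    ("Accesses Microsoft Outlook profiles", "RegistryQuery",
     [r"HKU\*\Software\Microsoft\Office\*\Outlook\Profiles\*",
      r"HKU\*\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\*"]),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting", "FileRead",
     [r"*\AppData\Roaming\Electrum\wallets\*",
      r"*\AppData\Roaming\Exodus\exodus.wallet\*",
      r"*\wallet.dat"]),
    # Host from the extracted Amadey config; the report gives no port, so any port matches.
    ("Contacts Amadey C2 from extracted config", "NetConnect",
     [r"212.113.119.255:*"]),
]

# Constructed log (assumed, not captured output): pid|image|operation|target
SAMPLE_LOG = r"""
4120|C:\Users\victim\Desktop\sample.exe|RegistryQuery|HKU\S-1-5-21-1234567890-1001\Control Panel\International\Geo\Nation
4120|C:\Users\victim\Desktop\sample.exe|RegistryQuery|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
4120|C:\Users\victim\Desktop\sample.exe|NetConnect|212.113.119.255:80
4120|C:\Users\victim\Desktop\sample.exe|FileWrite|C:\Users\victim\AppData\Local\Temp\dropped.exe
4120|C:\Users\victim\Desktop\sample.exe|ProcessCreate|C:\Users\victim\AppData\Local\Temp\dropped.exe
4120|C:\Users\victim\Desktop\sample.exe|RegistrySet|HKU\S-1-5-21-1234567890-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater
5608|C:\Users\victim\AppData\Local\Temp\dropped.exe|RegistryQuery|HKU\S-1-5-21-1234567890-1001\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
5608|C:\Users\victim\AppData\Local\Temp\dropped.exe|FileRead|C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet
900|C:\Windows\explorer.exe|RegistryQuery|HKU\S-1-5-21-1234567890-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
900|C:\Windows\explorer.exe|ProcessCreate|C:\Windows\System32\notepad.exe
"""


def parse_events(text):
    """Split the pipe-delimited log into event dicts."""
    events = []
    for line in text.strip().splitlines():
        pid, image, op, target = line.split("|", 3)
        events.append({"pid": int(pid), "image": image, "op": op, "target": target})
    return events


def match_rules(event):
    """Names of the stateless rules a single event satisfies (case-insensitive)."""
    target = event["target"].lower()
    return [name for name, op, globs in RULES
            if event["op"] == op
            and any(fnmatch.fnmatchcase(target, g.lower()) for g in globs)]


def evaluate(text):
    """Map each signature name to the set of PIDs that triggered it.

    'Executes dropped EXE' is stateful: a ProcessCreate only counts when the
    image path was the target of an earlier FileWrite in the same log."""
    triggered = defaultdict(set)
    written = set()
    for ev in parse_events(text):
        for name in match_rules(ev):
            triggered[name].add(ev["pid"])
        path = ev["target"].lower()
        if ev["op"] == "FileWrite" and path.endswith(".exe"):
            written.add(path)
        elif ev["op"] == "ProcessCreate" and path in written:
            triggered["Executes dropped EXE"].add(ev["pid"])
    return dict(triggered)


def suspicious_pids(text, threshold=2):
    """PIDs that hit at least `threshold` distinct signatures."""
    per_pid = defaultdict(set)
    for name, pids in evaluate(text).items():
        for pid in pids:
            per_pid[pid].add(name)
    return {pid for pid, names in per_pid.items() if len(names) >= threshold}


if __name__ == "__main__":
    for name, pids in sorted(evaluate(SAMPLE_LOG).items()):
        print(f"{name}: pids {sorted(pids)}")
    print("suspicious:", sorted(suspicious_pids(SAMPLE_LOG)))
```

Run stand-alone it prints one line per triggered signature and the PIDs that exceed the threshold; explorer.exe (PID 900) touches an unrelated Explorer key and starts a system binary it never wrote, so it triggers nothing. The per-process threshold is what keeps a single benign Uninstall-key read from being flagged on its own.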