General

  • Target: d0614f1102634f28ff21ed8b94c0e65f.bin
  • Size: 277KB
  • Sample: 230420-cdy4xseh35
  • MD5: 8d60887a4ddbb8f5702d3cacb96597f9
  • SHA1: 2c4c61e7245ec89d037adbe21456472cacc6734d
  • SHA256: 893c47fa201026d749c5bf8c70fd43ad06d2b6b94e44f32783eaf67986080754
  • SHA512: a71e950c3e16c3fe5d48edcab63abd8d94808f8e0400a436663f0713e86455964553835c113d624e17ba92ac1bcae1db1154526fd4213e7bc1373597c5e1223e
  • SSDEEP: 6144:yf64SPVLsx/yZMxouJHpKpfWJCHZDrfbQLBOml4eRvBFGXBS:yf64SdLsx/yduNpakChELBOmlZRD

Malware Config

Extracted

  • Family: rhadamanthys
  • C2: http://179.43.142.201/img/favicon.png

Targets

    • Target: 8316ddf96fbfcff9863eaa1408a96e76ff6f4fdd96f868b6c5699e9bd18b1131.exe
    • Size: 424KB
    • MD5: d0614f1102634f28ff21ed8b94c0e65f
    • SHA1: 71ea68917394332ab5b7e60664541afe93f273d3
    • SHA256: 8316ddf96fbfcff9863eaa1408a96e76ff6f4fdd96f868b6c5699e9bd18b1131
    • SHA512: fb826f3e58ba17c57c9cc4f671d0784fda46275072e4fa9cde9bf482323139e7943120e79e6788844fa9d7a953fe0db475fabc0fac60441cf827fd23a199dcce
    • SSDEEP: 6144:KM8+qWJsg3sQWKkjRMr28cPU2q9lFiQnpEX8NE/2nURQhYBIv:KM85En3sQWKkFMdeq9lB+4M4Cyv

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Accesses Microsoft Outlook profiles
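The report lists two distinct sets of digests: the submitted file d0614f1102634f28ff21ed8b94c0e65f.bin (277KB), whose file name is the MD5 of the analyzed executable, and the 424KB executable itself. The following is an added example, not part of the sandbox report, that turns the extracted C2 URL and both digest sets into an offline hunt over proxy logs and a file-hash inventory. The C2 URL and the MD5/SHA1/SHA256 values are copied from the report; the proxy log format (timestamp, client IP, method, URL, status), the inventory format and every sample record are constructed for the example and are assumptions.

```python
"""Turn the indicators in this report into a small offline hunt.

The C2 URL and the file digests are copied from the report. Everything
else (the proxy log format, the hash-inventory format and the sample
records) is constructed for this example.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report.
C2_URL = "http://179.43.142.201/img/favicon.png"
KNOWN_DIGESTS = {
    # analyzed executable (424KB): MD5, SHA1, SHA256
    "d0614f1102634f28ff21ed8b94c0e65f",
    "71ea68917394332ab5b7e60664541afe93f273d3",
    "8316ddf96fbfcff9863eaa1408a96e76ff6f4fdd96f868b6c5699e9bd18b1131",
    # submitted file d0614f1102634f28ff21ed8b94c0e65f.bin (277KB): MD5, SHA1, SHA256
    "8d60887a4ddbb8f5702d3cacb96597f9",
    "2c4c61e7245ec89d037adbe21456472cacc6734d",
    "893c47fa201026d749c5bf8c70fd43ad06d2b6b94e44f32783eaf67986080754",
}

# Assumed (constructed) proxy log line: "<timestamp> <client-ip> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def c2_match(url):
    """Classify a requested URL against the C2 indicator.

    Returns "url" for the exact C2 URL, "host" for any other request to the
    same host (including CONNECT host:port tunnels), and None otherwise.
    Matching the host as well matters: the favicon.png path is only the one
    URL the sandbox observed, so other paths on that server deserve a look.
    """
    want = urlsplit(C2_URL)
    # CONNECT requests log "host:port" with no scheme; urlsplit needs a
    # leading "//" to treat that as a network location rather than a scheme.
    got = urlsplit(url if "://" in url else "//" + url)
    if got.hostname != want.hostname:
        return None
    if got.scheme == want.scheme and got.path == want.path:
        return "url"
    return "host"


def scan_proxy_log(lines):
    """Return (client, url, match_kind) for every log line that touches the C2."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # line does not fit the assumed format; skip rather than guess
        kind = c2_match(m["url"])
        if kind is not None:
            hits.append((m["client"], m["url"], kind))
    return hits


def digests(data):
    """MD5/SHA1/SHA256 of a byte string as lower-case hex, computed in one pass."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan_hash_inventory(records):
    """records: iterable of (path, hex digest). Digest case and whitespace are normalised."""
    return [
        (path, digest.strip().lower())
        for path, digest in records
        if digest.strip().lower() in KNOWN_DIGESTS
    ]


# Constructed sample data (not from the sandbox).
SAMPLE_LOG = [
    "2023-04-20T10:01:02Z 10.0.0.5 GET http://179.43.142.201/img/favicon.png 200",
    "2023-04-20T10:01:03Z 10.0.0.5 GET http://179.43.142.201/img/logo.png 404",
    "2023-04-20T10:01:04Z 10.0.0.7 GET http://example.com/img/favicon.png 200",
    "2023-04-20T10:01:05Z 10.0.0.9 CONNECT 179.43.142.201:443 200",
    "this line is not in the expected format",
]
SAMPLE_INVENTORY = [
    ("C:\\Users\\user\\Downloads\\invoice.exe",
     "8316DDF96FBFCFF9863EAA1408A96E76FF6F4FDD96F868B6C5699E9BD18B1131"),
    ("C:\\Windows\\System32\\notepad.exe", digests(b"not the sample")["sha256"]),
    ("/tmp/d0614f1102634f28ff21ed8b94c0e65f.bin", " 8d60887a4ddbb8f5702d3cacb96597f9 "),
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print("proxy:", *hit)
    for hit in scan_hash_inventory(SAMPLE_INVENTORY):
        print("file:", *hit)
```

The URL comparison is deliberately split into an exact match and a host-only match: the exact match is the high-confidence alert, while a host-only hit (a different path, or a CONNECT tunnel to the same address) is a lead to triage, since the report only shows the one URL the sample contacted. Digests are compared after lower-casing and stripping so that inventories exported with upper-case hex or padding still match.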

MITRE ATT&CK Enterprise v6

Tasks