General
-
Target
3defc4e0bb4850d146d58d53c2f991ad028da18f37b3204f5b44fb9aabe5fd63
-
Size
1.1MB
-
Sample
230420-chfs5seh65
-
MD5
91aaadc1c227a5cca42e4837466d942a
-
SHA1
ef63acc704859bc3a9affa47a8bd4dc61d78ac93
-
SHA256
3defc4e0bb4850d146d58d53c2f991ad028da18f37b3204f5b44fb9aabe5fd63
-
SHA512
74925295bc13c21dbfd441cfd6a3cf639873b3b5b52826aa361182d1ee1cd9080876bdd1dd3b700ab53019566f0d3821c60d7a78407e09898493a7b64002c09d
-
SSDEEP
24576:0yge08B8I54qsprUQi4MhYoouPU2Bo5H:D35lOrUscYooSBo5
Static task
static1
Behavioral task
behavioral1
Sample
3defc4e0bb4850d146d58d53c2f991ad028da18f37b3204f5b44fb9aabe5fd63.exe
Resource
win10-20230220-en
Malware Config
Extracted
amadey
3.70
212.113.119.255/joomla/index.php
Targets
-
-
Target
3defc4e0bb4850d146d58d53c2f991ad028da18f37b3204f5b44fb9aabe5fd63
-
Size
1.1MB
-
MD5
91aaadc1c227a5cca42e4837466d942a
-
SHA1
ef63acc704859bc3a9affa47a8bd4dc61d78ac93
-
SHA256
3defc4e0bb4850d146d58d53c2f991ad028da18f37b3204f5b44fb9aabe5fd63
-
SHA512
74925295bc13c21dbfd441cfd6a3cf639873b3b5b52826aa361182d1ee1cd9080876bdd1dd3b700ab53019566f0d3821c60d7a78407e09898493a7b64002c09d
-
SSDEEP
24576:0yge08B8I54qsprUQi4MhYoouPU2Bo5H:D35lOrUscYooSBo5
-
Detect rhadamanthys stealer shellcode
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-