General
- Target: 2f0c086f95d6ea60f620ba33900434ae8b16f4629d68f08c715462d0e62db96e
- Size: 1.0MB
- Sample: 230420-czf58sha7t
- MD5: 1887bb3c711ddc73cf61b5bb2a605863
- SHA1: a38fa6b761ecea0f3ddb176a386c35aefd46d499
- SHA256: 2f0c086f95d6ea60f620ba33900434ae8b16f4629d68f08c715462d0e62db96e
- SHA512: 5f013e91f18a64c390463f25dfbc2fa071641c942939f7b20183f2a2726659271671ee2ab8b391cbef9b2bbc33c458757f15592299e88eed9eb6ea554828c705
- SSDEEP: 24576:WyfEOGIKTFsyStsZC0FS25akQkNs3U1T+ZPxVdFm:lfE/IQFsyStbVwNOF7H
Static task: static1
Behavioral task: behavioral1
- Sample: 2f0c086f95d6ea60f620ba33900434ae8b16f4629d68f08c715462d0e62db96e.exe
- Resource: win10-20230220-en
Malware Config
Extracted
- Family: amadey
- Version: 3.70
- C2: 212.113.119.255/joomla/index.php
Targets
- Target: 2f0c086f95d6ea60f620ba33900434ae8b16f4629d68f08c715462d0e62db96e
- Size: 1.0MB
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
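The report pairs an Amadey configuration (the extracted C2) with a Rhadamanthys rule hit, consistent with Amadey acting as the loader for a stealer payload. The behaviours listed above are what an analyst would turn into host telemetry hunts: the C2 contact, the dropped PE being written and executed, the dropped DLL load, and the Run key persistence. The script below does that over Sysmon-style records. It is an added example, not part of the original sandbox report: the events are constructed to resemble Sysmon operational-log entries (event IDs 1, 3, 7, 11 and 13 with their usual field names) and were not captured from the sample; the victim user name, the dropped file names and the `helper.dll` name are assumptions. The C2 IP, the SHA256 and the sample file name are taken from the report.

```python
"""Hunt for the report's behaviours in Sysmon-style telemetry.

Added example; not the sandbox's own code. Telemetry below is constructed.
"""
import re

# Indicators copied from the report.
C2_IP = "212.113.119.255"
SAMPLE_SHA256 = "2f0c086f95d6ea60f620ba33900434ae8b16f4629d68f08c715462d0e62db96e"
# Assumed paths: the download location and the dropped-file name are constructed.
SAMPLE_EXE = rf"C:\Users\victim\Downloads\{SAMPLE_SHA256}.exe"
DROPPED_EXE = r"C:\Users\victim\AppData\Local\Temp\dropped.exe"

# "Adds Run key to start application": per-user or machine autostart keys.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Directories where a downloaded or dropped PE typically lands on a user box.
DROP_DIR_RE = re.compile(
    r"(\\AppData\\(Local\\Temp|Roaming)\\|\\ProgramData\\|\\Users\\Public\\)", re.I)
PE_EXT_RE = re.compile(r"\.(exe|dll)$", re.I)

SAMPLE_EVENTS = [  # constructed Sysmon-style records, in the order the run would produce them
    {"EventID": 1, "Image": SAMPLE_EXE, "ParentImage": r"C:\Windows\explorer.exe",
     "Hashes": f"SHA256={SAMPLE_SHA256}"},
    {"EventID": 3, "Image": SAMPLE_EXE, "DestinationIp": C2_IP, "DestinationPort": 80},
    {"EventID": 11, "Image": SAMPLE_EXE, "TargetFilename": DROPPED_EXE},
    {"EventID": 1, "Image": DROPPED_EXE, "ParentImage": SAMPLE_EXE,
     "Hashes": "SHA256=" + "0" * 64},
    {"EventID": 7, "Image": DROPPED_EXE,
     "ImageLoaded": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"EventID": 13, "EventType": "SetValue", "Image": DROPPED_EXE,
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": DROPPED_EXE},
    # Benign noise: a legitimate Run key write and an ordinary browser connection.
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"},
    {"EventID": 3, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationIp": "142.250.74.46", "DestinationPort": 443},
]


def _finding(index, rule, severity, image):
    return {"event": index, "rule": rule, "severity": severity, "image": image}


def detect(events):
    """Return one finding per record that matches a behaviour from the report."""
    findings = []
    for i, ev in enumerate(events):
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == 1:  # process creation: known hash, or a binary started from a drop directory
            hashes = dict(h.split("=", 1) for h in ev.get("Hashes", "").split(",") if "=" in h)
            if hashes.get("SHA256", "").lower() == SAMPLE_SHA256:
                findings.append(_finding(i, "known_sample_hash", "high", image))
            if DROP_DIR_RE.search(image):
                findings.append(_finding(i, "executes_dropped_exe", "high", image))
        elif eid == 3 and ev.get("DestinationIp") == C2_IP:  # network connection to the C2
            findings.append(_finding(i, "amadey_c2_contact", "high", image))
        elif eid == 7 and DROP_DIR_RE.search(ev.get("ImageLoaded", "")):  # image load
            findings.append(_finding(i, "loads_dropped_dll", "medium", image))
        elif eid == 11:  # file creation of a PE in a drop directory
            target = ev.get("TargetFilename", "")
            if DROP_DIR_RE.search(target) and PE_EXT_RE.search(target):
                findings.append(_finding(i, "writes_pe_to_drop_dir", "medium", image))
        elif eid == 13 and ev.get("EventType") == "SetValue":  # registry value set
            if RUN_KEY_RE.search(ev.get("TargetObject", "")):
                # Run key writes are common; escalate only when the writer or the
                # autostart target lives in a drop directory.
                suspicious = DROP_DIR_RE.search(image) or DROP_DIR_RE.search(ev.get("Details", ""))
                findings.append(_finding(i, "run_key_persistence",
                                         "high" if suspicious else "low", image))
    return findings


def count_by_rule(findings):
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f['severity']:<6}] event {f['event']}: {f['rule']} ({f['image']})")
```

Two caveats apply when running this against real logs. Sysmon records registry value writes and key creation (event IDs 12 to 14) but not reads, so the "Checks installed software" (Uninstall key lookups) and "Accesses Microsoft Outlook profiles" behaviours in the report cannot be hunted from registry telemetry; they come from the sandbox's API monitoring and would need an EDR with registry-read visibility. The C2 here is plain HTTP to a bare IP, so there is no DNS event (ID 22) to pivot on; event ID 3 must be enabled for the process in the Sysmon configuration, or the connection has to be found in proxy or firewall logs instead.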