General

  • Target

    89c47d8c00436ecf715c0e09b41dc1d1334ee4a180d3304e67439118bdb345c5

  • Size

    298KB

  • Sample

    230420-d4ptlshc8z

  • MD5

    87ec6de16bf3d5ac8c9cd9d24cb2f75d

  • SHA1

    2a49938820c295e71d1a0aaa21e5cf7708537b84

  • SHA256

    89c47d8c00436ecf715c0e09b41dc1d1334ee4a180d3304e67439118bdb345c5

  • SHA512

    5358e4ef79fc7aade2bb18ec3678ec236af76f3b3215a9bf0449398cd4d88bc85b2e02f992097e8d9370e7a9061c6d1c8f7ed48babc36fe0556775f2f1dae88b

  • SSDEEP

    3072:XR/TLN4cSsbehHwNAJqOk7vEAChEOMmWU1xMfH6x+HQSXz7bm1eksL3sZ5/XLRL:hl4qbeR1IOk74v8G+vjm137vg4/ve

Malware Config

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Accesses Microsoft Outlook profiles
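
The two things an analyst usually does with a report like this are confirm that a file in hand is the same sample (all four digests above must agree, not just MD5) and hunt for the extracted C2 in proxy or firewall logs. The script below is an added example, not part of the Triage report: the digests and the C2 URL are copied from the report, while the proxy log format, the log lines and the file path are constructed for the demonstration.

```python
"""Check a local file against the report's hashes and hunt for its C2 in proxy logs.

Added example (not part of the Triage report). The digests and the C2 URL are
copied from the report above; the proxy log format and the log lines are
constructed for the demonstration.
"""
import hashlib
from urllib.parse import urlparse

# Digests from the report's General section (hex, lower case).
REPORT_HASHES = {
    "md5": "87ec6de16bf3d5ac8c9cd9d24cb2f75d",
    "sha1": "2a49938820c295e71d1a0aaa21e5cf7708537b84",
    "sha256": "89c47d8c00436ecf715c0e09b41dc1d1334ee4a180d3304e67439118bdb345c5",
    "sha512": "5358e4ef79fc7aade2bb18ec3678ec236af76f3b3215a9bf0449398cd4d88bc85b2e02f992097e8d9370e7a9061c6d1c8f7ed48babc36fe0556775f2f1dae88b",
}
# C2 URL from the report's extracted config.
C2_URL = "http://179.43.142.201/img/favicon.png"


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, so all of them can be compared."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Stream a file through the four digests without loading it whole."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_hashes(digests: dict, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm match flags; any False means the file is not the reported sample."""
    return {
        name: digests.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def scan_proxy_log(lines, c2_url: str = C2_URL) -> list:
    """Flag proxy log entries that touch the C2 host.

    Constructed log format, one entry per line:
        "<epoch> <client_ip> <method> <url> <status>"
    An exact URL match is the configured C2 fetch; a host-only match is still
    reported, because the same server may serve other paths.
    """
    c2 = urlparse(c2_url)
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines rather than abort the hunt
        client, url = fields[1], fields[3]
        parsed = urlparse(url)
        if parsed.hostname != c2.hostname:
            continue
        hits.append({"client": client, "url": url, "exact": parsed.path == c2.path})
    return hits


# Constructed proxy log lines (not from the report) for a stand-alone run.
SAMPLE_LOG = [
    "1681990000.123 10.0.0.5 GET http://179.43.142.201/img/favicon.png 200",
    "1681990001.456 10.0.0.7 GET http://example.com/index.html 200",
    "1681990002.789 10.0.0.5 GET http://179.43.142.201/img/logo.png 404",
    "garbage line",
]

if __name__ == "__main__":
    # An empty buffer stands in for a file that is not the sample: every flag is False.
    print(compare_hashes(hash_bytes(b"")))
    # Replace with hash_file("/path/to/suspect.bin") to check a real file.
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Comparing all four digests rather than MD5 alone costs nothing and removes any argument about collisions; the host-only match in the log scan is deliberate, since a second request to the same server on a different path is exactly the kind of follow-on activity worth pulling into the timeline.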
