General

Target: c9b44a7b23f602a4f01758881a119e92b6798bf813502767bbfc54a7cd666c6d
Size: 1.1MB
Sample: 230420-db99vahb5w
MD5: c46bda17555cd4690c1cb5614c248ecc
SHA1: 655789b5a3a99ecd877a36bd828c30fe556da0e2
SHA256: c9b44a7b23f602a4f01758881a119e92b6798bf813502767bbfc54a7cd666c6d
SHA512: db28e192f6a2a76575a28c11608c4a62e68cfbcf4b9207d703d3d1c01f0e13582d1dc0c62a1f9cf66c2e282d77bea057699ea9755020b7072163ed9e63d7aabc
SSDEEP: 24576:UyLqPKJxH55AOCSAE9DJkxfdTOosoUTF0lMf5Id/z:jYiT79Jq4DFCMxq

Static task: static1
Behavioral task: behavioral1
Sample: c9b44a7b23f602a4f01758881a119e92b6798bf813502767bbfc54a7cd666c6d.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: amadey
Version: 3.70
C2: 212.113.119.255/joomla/index.php
Targets

Target: c9b44a7b23f602a4f01758881a119e92b6798bf813502767bbfc54a7cd666c6d (size and hashes as listed under General above)
Signatures

- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
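As an added example (not part of the sandbox report), the Python helper below puts two IOCs from this page to work: the four file hashes listed under General, and the Amadey 3.70 C2 URL extracted under Malware Config. It checks a file's digests against the report's values and sweeps a proxy log for contacts with the C2 host, separating the exact beacon URL from other traffic to the same IP. The proxy-log format, the log lines and the function names are constructed for this example; the report itself records no network log. Note that the report pairs an Amadey config with a Rhadamanthys signature hit (Amadey downloading and executing a further PE fits the "Downloads MZ/PE file" and "Executes dropped EXE" signatures), so the C2 match covers only the loader side of this sample.

```python
"""IOC triage helper built from the values in this report.

Added example, not part of the sandbox output. The hashes and the Amadey
C2 URL are copied from the report; the proxy-log format and the sample
log lines are constructed for the example.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Hashes of the analysed sample, copied from the report.
REPORT_HASHES = {
    "md5": "c46bda17555cd4690c1cb5614c248ecc",
    "sha1": "655789b5a3a99ecd877a36bd828c30fe556da0e2",
    "sha256": "c9b44a7b23f602a4f01758881a119e92b6798bf813502767bbfc54a7cd666c6d",
    "sha512": "db28e192f6a2a76575a28c11608c4a62e68cfbcf4b9207d703d3d1c01f0e13582d1dc0c62a1f9cf66c2e282d77bea057699ea9755020b7072163ed9e63d7aabc",
}

# Amadey 3.70 C2 as extracted by the sandbox. The report gives no scheme,
# so matching below is done on host and path only.
AMADEY_C2 = "212.113.119.255/joomla/index.php"
C2_HOST, _, _c2_path = AMADEY_C2.partition("/")
C2_PATH = "/" + _c2_path


def hash_bytes(data):
    """Return the four digests the report lists, keyed like REPORT_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def hash_file(path, chunk_size=1 << 20):
    """Stream a file through all four digests at once (samples can be large)."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_HASHES}
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matching_algorithms(digests):
    """Algorithms whose digest equals the report's value (case-insensitive)."""
    return sorted(
        algo for algo, value in digests.items()
        if algo in REPORT_HASHES and value.lower() == REPORT_HASHES[algo]
    )


# Constructed proxy-log format: "<epoch> <client-ip> <METHOD> <url> <status>".
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def classify_url(url):
    """'c2' for the exact Amadey C2 URL, 'c2-host' for any other URL on the C2 host,
    None for everything else. A scheme-less URL is treated as http."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    if parts.hostname != C2_HOST:
        return None
    return "c2" if parts.path == C2_PATH else "c2-host"


def scan_proxy_log(lines):
    """Return (client, method, url, verdict) for every parsable line that touches the C2 host."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # unparsable line: skip it rather than abort the sweep
        verdict = classify_url(m["url"])
        if verdict:
            hits.append((m["client"], m["method"], m["url"], verdict))
    return hits


# Constructed sample lines: a beacon to the extracted C2, a benign
# connectivity check, a contact with the C2 host on another path, and junk.
SAMPLE_LOG = [
    "1681990000.123 10.0.0.5 POST http://212.113.119.255/joomla/index.php 200",
    "1681990001.456 10.0.0.5 GET http://www.msftconnecttest.com/connecttest.txt 200",
    "1681990002.789 10.0.0.7 GET http://212.113.119.255/ 404",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
    # Any file on disk can be checked with hash_file(path) in place of hash_bytes().
    print(matching_algorithms(hash_bytes(b"not the sample")))
```

Run on a real proxy export, the "c2" verdicts are the beacons worth pivoting on first; "c2-host" entries catch hosts that reached the same IP over a path the config does not list, which is still worth a look since the extracted URL is one panel endpoint, not the whole server.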