General
Target: 6134101dfecc45cceca53f85697693863a43ccb13e6028ce655d0885cadc128e
Size: 1.1MB
Sample: 230420-egpe1ahd5y
MD5: d99b95e45bb77629e36148da8a3ae8e7
SHA1: c8cbaf67b1421e1b648b59bb034009ccb3bf2c5e
SHA256: 6134101dfecc45cceca53f85697693863a43ccb13e6028ce655d0885cadc128e
SHA512: 6ec3fcc0184b4a7455f4a5f3719a955597ba6a8552a8676ee234f921583970615f3e05507e8d7f78942866dc89217627f6e265a0b4b0f292e9415679885cd2c0
SSDEEP: 24576:wyoI57TE/bLARVc+VtkXdE61Hw1ymgrbVn6JWpVpNUFZFHSsD8:3J57TW4R/L1yZVGWzpajFH
Static task: static1
Behavioral task: behavioral1
Sample: 6134101dfecc45cceca53f85697693863a43ccb13e6028ce655d0885cadc128e.exe
Resource: win10-20230220-en
Malware Config
Extracted: amadey 3.70
212.113.119.255/joomla/index.php
Targets
Target: 6134101dfecc45cceca53f85697693863a43ccb13e6028ce655d0885cadc128e (1.1MB; hashes as listed under General above)
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.