General

  • Target

    2aa906819aff92605c566f861097f904e0578875e503cdc053cabf7e42f59424

  • Size

    423KB

  • Sample

    230420-fjr5caff55

  • MD5

    640baa65f93d062703ccf136f5c1c6e4

  • SHA1

    b032d91d0fe4414c9916475b8340f9df746f6843

  • SHA256

    2aa906819aff92605c566f861097f904e0578875e503cdc053cabf7e42f59424

  • SHA512

    8590510bda0a4bb17b2a2c2b85b715b3a6eb274ab711bbb0bbe47bc0bcaa0eaad753719be9153529d2a0995882a9fea372c81d20518b834a5704f4684fe365a7

  • SSDEEP

    6144:pMstYbtSEknQ4WiAQdC36Jh4PaspUfKxmQnPxfYgDgTi/a9GBCmR:pMaYbgEz4WiAQdCqf4DlxAE2wasb

Malware Config

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Target

      2aa906819aff92605c566f861097f904e0578875e503cdc053cabf7e42f59424

    • Size

      423KB

    • MD5

      640baa65f93d062703ccf136f5c1c6e4

    • SHA1

      b032d91d0fe4414c9916475b8340f9df746f6843

    • SHA256

      2aa906819aff92605c566f861097f904e0578875e503cdc053cabf7e42f59424

    • SHA512

      8590510bda0a4bb17b2a2c2b85b715b3a6eb274ab711bbb0bbe47bc0bcaa0eaad753719be9153529d2a0995882a9fea372c81d20518b834a5704f4684fe365a7

    • SSDEEP

      6144:pMstYbtSEknQ4WiAQdC36Jh4PaspUfKxmQnPxfYgDgTi/a9GBCmR:pMaYbgEz4WiAQdCqf4DlxAE2wasb

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks