General

  • Target

    0ad3cef1975663e23f89c911bc6b3c78be8c15cd2e7e2c2f144a24fba681f243

  • Size

    426KB

  • Sample

    230420-l23lpaba9t

  • MD5

    cfcf830435a2766cc965046954e1ea95

  • SHA1

    a378583113eeafeac36f5f80877629fd12ccdb6b

  • SHA256

    0ad3cef1975663e23f89c911bc6b3c78be8c15cd2e7e2c2f144a24fba681f243

  • SHA512

    8ca2cc5f89ce08976c32ccfffe98b388037ebf1787f56cf9cfae0ee4ea40eee20badcaff08c4796e5621ee2596387362bddec0422aa6d07a455ee4f42cf69e29

  • SSDEEP

    6144:SoqqActgXLw6wh1lK2ONdcuW4EA06kle7xe6D1L+QG9yHBCmR:SoF1tGL1wVKpXW4Er6l7dAncb

Malware Config

Extracted

  • Family

    rhadamanthys

  • C2

    http://179.43.142.201/img/favicon.png

Targets

    • Target

      0ad3cef1975663e23f89c911bc6b3c78be8c15cd2e7e2c2f144a24fba681f243

    • Size

      426KB

    • MD5

      cfcf830435a2766cc965046954e1ea95

    • SHA1

      a378583113eeafeac36f5f80877629fd12ccdb6b

    • SHA256

      0ad3cef1975663e23f89c911bc6b3c78be8c15cd2e7e2c2f144a24fba681f243

    • SHA512

      8ca2cc5f89ce08976c32ccfffe98b388037ebf1787f56cf9cfae0ee4ea40eee20badcaff08c4796e5621ee2596387362bddec0422aa6d07a455ee4f42cf69e29

    • SSDEEP

      6144:SoqqActgXLw6wh1lK2ONdcuW4EA06kle7xe6D1L+QG9yHBCmR:SoF1tGL1wVKpXW4Er6l7dAncb

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks