General

  • Target

    aded697ad1b250aa913cd9891a52e1d9d24ecadc0ba308d6169eb00f35639f69

  • Size

    420KB

  • Sample

    230420-lglgnsgh65

  • MD5

    4db7daf0536155de4d7e2f4d493901ee

  • SHA1

    4c1136a86a64b7857e28fe6d06a87b6c1a35ecd1

  • SHA256

    aded697ad1b250aa913cd9891a52e1d9d24ecadc0ba308d6169eb00f35639f69

  • SHA512

    8ae3dea4fcede3f4fa1079e0a667576462eca06bc0bcc8e663118c960bad64fee395c0528eec2392745f8c5d47175a26e1d55b43622038103761fc58abfc2310

  • SSDEEP

    6144:vuf4fm9xxAt5TqEuqhI9juzweBJhDbNWjBTW3o29JFA8/O279GBCmR:vuA+xut9xlIwEeBJhvNFo25DQb

Malware Config

Extracted

  • Family

    rhadamanthys

  • C2

    http://179.43.142.201/img/favicon.png

Targets

    • Target

      aded697ad1b250aa913cd9891a52e1d9d24ecadc0ba308d6169eb00f35639f69

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks