General

  • Target

    71e3aa5ce21233342527dd6e7d64c23bf2cb229b08575f4b5e32c3c346d6a313

  • Size

    425KB

  • Sample

    230420-ngg6cshe39

  • MD5

    17eb1fed1b8154e2e8fcfd2aeebc9435

  • SHA1

    7972a7e19ef3ab64f392c7769ff13a571b9e3f3d

  • SHA256

    71e3aa5ce21233342527dd6e7d64c23bf2cb229b08575f4b5e32c3c346d6a313

  • SHA512

    4857f7bc28601c6b968cd7295856d804eaaf77ceedfbb5d14d339f9003e37e0209d5b18d038c1252e7276bc7c07826edf3c8d89bc91143720a631be2bf49bc2d

  • SSDEEP

    6144:34+/V8Ux/qEaq7mHDFsLnV4Mz1sEZ3r0G5BjKN2K/3Oe9lFBCmR:34ceUtqxqmDabV4S1HZ3n3KNpGe5b

Malware Config

Extracted

  • Family

    rhadamanthys

  • C2

    http://179.43.142.201/img/favicon.png

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks