General

  • Target: bcbdacb.exe
  • Size: 1.2MB
  • Sample: 230615-n72mpagd6v
  • MD5: b99290063c63c1449c6d61c62f95528d
  • SHA1: dc80d751832030dbe05bb34e691a6237e2a224b5
  • SHA256: 162833c025dda5b2154fc193bc71bc3e375794e13f6392f387839599df9d90e0
  • SHA512: 4f6b717d1c18042243f7f62009e2638fa51e2a7139285a8469e3ba2458dc658ef6ccc8401b7c1ade0742c4dd6dd7ab98c487165f0142558191e9a7192c57c19c
  • SSDEEP: 12288:UPqvdlwvVVmpmiUkWnbaczXSisUFhiqNnuJCbM/C3irgP92vjy9jhBvcS5K+xlBW:Uy5iV7bTEyhBVdhPTyITdOqa

Score: 10/10

Malware Config

Extracted

Family: rhadamanthys

C2: http://31.41.244.38/blob/3msszg.qzbo

Targets

    Score: 10/10

    • Detect rhadamanthys stealer shellcode
    • Rhadamanthys
      Rhadamanthys is an info stealer written in C++, first seen in August 2022.
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext
