Resubmissions

  • 20-08-2024 14:12  240820-rjb9nswdmd 10
  • 17-08-2024 19:49  240817-yjs1ratbnf 10
  • 15-08-2024 17:38  240815-v7zlnavale 10
  • 30-06-2023 12:04  230630-n8y8yshh95 10

General

  • Target: cc.exe
  • Size: 501KB
  • Sample: 230630-n8y8yshh95
  • MD5: f73e68f4995b58c9a1e47d67da9372ca
  • SHA1: 0760b6b12d99915182bee3e3fa0e9aabd7a830c0
  • SHA256: ea741d942926073191df32a404977cc4afa3b17bcd34871faafbf7f61be71c26
  • SHA512: a419e78a385ad5e11224dad96b508e7bb01209a21fad338722e68d1d92cd78b92267af13f037126d04e49451fa62f089edb6ee77f7d2ce1cb9e26d56473b02af
  • SSDEEP: 6144:HoR7YSOIypGIyGYdqfCwgKo74ERmvOJUlARI7hJEftv99J:yTPMlyldqfCwTE/QmJUlAO7hJElv9L

Malware Config

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Accesses Microsoft Outlook profiles

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks