General

  • Target

    rhjryjyj.exe

  • Size

    467KB

  • Sample

    240827-pastys1fnk

  • MD5

    ab2d2914e268ac8754e408bdd6c109cd

  • SHA1

    936a1529158b699ebfaf97e937f17936d321920c

  • SHA256

    0f5978c1e5026feea6e28485ceb99b48105d73a77517faf40c1e57d638a5cdd4

  • SHA512

    c421cb6c41640e1866b891c941151903ad51e04a437b6d90faa6c732f2e98ef4172631453f9a60dcd8c0e4ffd39ec8c13277961c06a4119b10aff91037318fcf

  • SSDEEP

    12288:B67J/HG/VFbEB46/qW7MzwwQsWWejzl1OplmA39:B69tlCWM8wQsWW2FA39

Malware Config

Extracted

Family

rhadamanthys

C2

https://45.159.188.37:443/44194499adc4d2b753ee/gcj8ajmp.qnu3f
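The report above gives only indicators, not a way to use them. The following is an added example (not part of the sandbox report or of the Rhadamanthys family description) that turns the listed file hashes and C2 URL into a small offline IOC sweep: it hashes a file with the four algorithms reported, compares the digests with the report's values, splits the C2 URL into host, port and path, and scans proxy-log lines for the C2 host. The proxy-log format and the sample log lines are constructed for illustration and are not taken from the report.

```python
"""IOC sweep built from the sandbox report above (added example).

The hash values and the C2 URL are copied from the report. The log
format, the sample log lines and the dummy file contents are
constructed for illustration only.
"""
import hashlib
from urllib.parse import urlsplit

# Indicators copied verbatim from the report.
SAMPLE_HASHES = {
    "md5": "ab2d2914e268ac8754e408bdd6c109cd",
    "sha1": "936a1529158b699ebfaf97e937f17936d321920c",
    "sha256": "0f5978c1e5026feea6e28485ceb99b48105d73a77517faf40c1e57d638a5cdd4",
    "sha512": (
        "c421cb6c41640e1866b891c941151903ad51e04a437b6d90faa6c732f2e98ef4"
        "172631453f9a60dcd8c0e4ffd39ec8c13277961c06a4119b10aff91037318fcf"
    ),
}
C2_URL = "https://45.159.188.37:443/44194499adc4d2b753ee/gcj8ajmp.qnu3f"

# Constructed proxy-log lines: "<timestamp> <client> <dst_host:port> <method> <url>".
SAMPLE_LOG = [
    "2024-08-27T10:01:02Z 10.0.0.15 example.com:443 CONNECT example.com:443",
    "2024-08-27T10:01:09Z 10.0.0.15 45.159.188.37:443 CONNECT 45.159.188.37:443",
    "2024-08-27T10:01:11Z 10.0.0.22 45.159.188.37:80 GET http://45.159.188.37/",
]


def file_hashes(data: bytes) -> dict:
    """Lowercase hex digests of `data` for every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matching_algorithms(hashes: dict, iocs: dict = SAMPLE_HASHES) -> list:
    """Names of the algorithms whose digest equals the reported indicator."""
    return [
        alg for alg, digest in hashes.items()
        if iocs.get(alg, "").lower() == digest.lower()
    ]


def c2_components(url: str = C2_URL) -> dict:
    """Split the C2 URL into the pieces a network control can match on.

    The path is the Rhadamanthys-specific part, but a TLS proxy usually
    only sees host and port, so all three are returned separately.
    """
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return {"host": parts.hostname, "port": port, "path": parts.path}


def scan_proxy_log(lines, c2: dict = None) -> list:
    """Return (line_no, dst_port) for every entry whose destination host is the C2 host.

    Matching is done on the host alone: the IP is the indicator, and a
    connection to it on an unexpected port is still worth a look. The
    returned port lets the analyst see whether it was the reported 443.
    """
    c2 = c2 or c2_components()
    hits = []
    for line_no, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line, skip rather than guess
        host, _, port = fields[2].rpartition(":")
        if host == c2["host"]:
            hits.append((line_no, port))
    return hits


if __name__ == "__main__":
    # Dummy file contents; the real sample is not shipped with this example.
    digests = file_hashes(b"not the sample")
    print("hash matches:", matching_algorithms(digests))
    print("c2:", c2_components())
    for line_no, port in scan_proxy_log(SAMPLE_LOG):
        print(f"line {line_no}: connection to C2 host on port {port}")
```

Run against a real file by reading it in binary mode and passing the bytes to `file_hashes`; only a digest equal to one in the report counts as a match, so a repacked variant will not be found this way and still needs the ssdeep value or behavioural signatures above.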

Targets

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess (a process was created through NtCreateUserProcess with a parent other than the calling process, the pattern used for parent PID spoofing)

MITRE ATT&CK Enterprise v15

Tasks