General

  • Target

    4cde8dc79397be32711a5bd4e410d0f8.dll

  • Size

    6.2MB

  • Sample

    240829-glxnaaydrl

  • MD5

    4cde8dc79397be32711a5bd4e410d0f8

  • SHA1

    65c41f0f6b814e21707a263c64cd4f36bca9afd1

  • SHA256

    35b10e20e02dd63651ba1d67b48147c0b6f916f54a4dc1b8c3b2946f37aa337e

  • SHA512

    f6bfa6e4ef3f5b5876b6756013dfd2d9faf4bcd8d795257f6ed48c4223830931fd50b84039ce4838564cf5b47127f6aee26bf5cddfc2fcfd35b538ba87071054

  • SSDEEP

    49152:zChvv6FzlQKxCjGj+Vd4OscisICzSHgz/1ooOEO3/8CJtQmqFkCn3sSJ5hp6A0+a:zChvydfkj2m4WIG/1Iv4PekkkdH+F

Malware Config

Extracted

Family

rhadamanthys

C2

https://15.235.176.166:8344/ecda3896be16ad7255/wp7s4npg.mmar7

Targets

    • Target

      4cde8dc79397be32711a5bd4e410d0f8.dll

    • Size

      6.2MB

    • MD5

      4cde8dc79397be32711a5bd4e410d0f8

    • SHA1

      65c41f0f6b814e21707a263c64cd4f36bca9afd1

    • SHA256

      35b10e20e02dd63651ba1d67b48147c0b6f916f54a4dc1b8c3b2946f37aa337e

    • SHA512

      f6bfa6e4ef3f5b5876b6756013dfd2d9faf4bcd8d795257f6ed48c4223830931fd50b84039ce4838564cf5b47127f6aee26bf5cddfc2fcfd35b538ba87071054

    • SSDEEP

      49152:zChvv6FzlQKxCjGj+Vd4OscisICzSHgz/1ooOEO3/8CJtQmqFkCn3sSJ5hp6A0+a:zChvydfkj2m4WIG/1Iv4PekkkdH+F

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks