General

  • Target

    Solara.exe

  • Size

    433KB

  • Sample

    240831-hw8c7s1eqr

  • MD5

    511f208e7b396defb7dce554e5d43ea4

  • SHA1

    890ab67abca71bd4785204cede30a39d5a168aef

  • SHA256

    cb6b38f445f334599088702569ed9c9d4b0a54c7c88097a16ec6e58055517a3c

  • SHA512

    32b4cdbc0c5b4205e0ec02a38dc5b6086b35388ec76aadfc6565497c2466bca1e4ecc601a581856078c77719131e6c19e867e59c038605e3a430dfc1e8f13ecd

  • SSDEEP

    12288:CCouY2+3Q1uRGysHZR0Ea6uatj8vxn8DDXOSb:vc1Q1pj5eEa6uS8ZnWX

Malware Config (extracted)

  • Family

    rhadamanthys

  • C2

    https://144.76.133.166:8034/5502b8a765a7d7349/k5851jfq.guti6

Targets

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Suspicious use of SetThreadContext
