Resubmissions

01-09-2024 18:16

240901-wwfj3sydra 10

01-09-2024 18:12

240901-wtngxaydkf 1

General

  • Target: Solara.zip
  • Size: 13.4MB
  • Sample: 240901-wwfj3sydra
  • MD5: 6fe0bb4598fba38e1c2dc25b084ae38e
  • SHA1: 7514257cc85b0a2d4b218f43f9a8f4dd61c545cf
  • SHA256: ceaed51bfaf0862e89a1790376ff6969bcc7c266e2c7b73cf67f57ad3ca7a397
  • SHA512: 232b90973680eadbf11851fa20dc1e0ffbcae86f14bd8b605964a593775705cdc69dcb3cd9a5ab66ce18785c2a098df75f58392b1c3d6a04f28c57541fdc632b
  • SSDEEP: 393216:+H7gx90ywmq3gvGQ1HUPri1xktbsUjOBo+mt:u7e92v+PRUDi1QvaoTt

Malware Config

Extracted

  • Family: rhadamanthys
  • C2: https://144.76.133.166:8034/5502b8a765a7d7349/k5851jfq.guti6

Targets

    • Target: Solara.zip
    • Size: 13.4MB
    • MD5: 6fe0bb4598fba38e1c2dc25b084ae38e
    • SHA1: 7514257cc85b0a2d4b218f43f9a8f4dd61c545cf
    • SHA256: ceaed51bfaf0862e89a1790376ff6969bcc7c266e2c7b73cf67f57ad3ca7a397
    • SHA512: 232b90973680eadbf11851fa20dc1e0ffbcae86f14bd8b605964a593775705cdc69dcb3cd9a5ab66ce18785c2a098df75f58392b1c3d6a04f28c57541fdc632b
    • SSDEEP: 393216:+H7gx90ywmq3gvGQ1HUPri1xktbsUjOBo+mt:u7e92v+PRUDi1QvaoTt
    • Rhadamanthys
      Rhadamanthys is an info stealer written in C++, first seen in August 2022.
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Suspicious use of SetThreadContext

    • Target: Password - github.txt
    • Size: 17B
    • MD5: 37681049ce7c84867108bfb4216689be
    • SHA1: f95e814713dfe83170513a6014aec373c9c0d006
    • SHA256: 4ae8508642027b5e5373a40b38da75c2a36ee3e99f693650c0803168533dbbc7
    • SHA512: 0b46362b0ae7afd192dee66e0fac2f213f2d93603adf9c2325eef23a22076f7eeccb2515313660881ebba1058fa5762f51eab143fb92c0c7e05b103a52d1b9fc

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks