General

  • Target

    Software_Setup.exe

  • Size

    74.9MB

  • Sample

    240914-yb6a4ssapp

  • MD5

    707c20a0de59fe418045e8cb90e4e8f9

  • SHA1

    a1404eb652921a2808781cf09daecc363dbf5010

  • SHA256

    589b622872cef5c5ca4af70a9bba031ee462e555e83213bd73c7511af550e417

  • SHA512

    de4f99b62cd02d02cb4f4ebc65078860a6c43293f1b9f1e2e88caf7ceb8c6b690b6adcca013568e721b4986a068ac22c51a20499d6f41c1fa8ab5b3030754269

  • SSDEEP

    1572864:Whw53fhw53fhw53fhw53fhw53fhw53fhw53:beeeeee

Malware Config

Extracted

Family

rhadamanthys

C2

https://185.184.26.10:4928/e4eb12414c95175ccfd/Other4
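The hashes in the General section and the C2 URL above can be used as-is for matching, but it helps to be explicit about which parts are observable where. The following Python is an added example, not part of the sandbox report or of any Rhadamanthys tooling; the IOC values are copied from the report, and the bytes and flow tuples fed to it in the demo are constructed. The C2 scheme is https on a non-standard port with an IP literal, so on the wire only the destination IP and port are observable; the path sits inside TLS and there is no DNS lookup or SNI to match on, so the path is only useful against host-side artifacts (memory dumps, extracted configs).

```python
"""
Added example (not part of the sandbox report): turn the report's IOCs into
a small offline matcher for files and network flows.

IOC values are copied verbatim from the report; the inputs used in the demo
at the bottom are constructed.
"""
import hashlib
from urllib.parse import urlsplit

# Cryptographic hashes of Software_Setup.exe, copied from the report.
REPORT_HASHES = {
    "md5": "707c20a0de59fe418045e8cb90e4e8f9",
    "sha1": "a1404eb652921a2808781cf09daecc363dbf5010",
    "sha256": "589b622872cef5c5ca4af70a9bba031ee462e555e83213bd73c7511af550e417",
    "sha512": "de4f99b62cd02d02cb4f4ebc65078860a6c43293f1b9f1e2e88caf7ceb8c6b690"
              "b6adcca013568e721b4986a068ac22c51a20499d6f41c1fa8ab5b3030754269",
}
# Extracted C2 URL, copied from the report.
REPORT_C2 = "https://185.184.26.10:4928/e4eb12414c95175ccfd/Other4"

ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(chunks):
    """Hash an iterable of byte chunks with all four algorithms in one pass.

    The sample is 74.9 MB, so callers should stream it rather than read it
    into memory; every hasher is fed the same chunk so the file is read once.
    """
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (tests, small artifacts)."""
    return hash_stream([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file from disk in 1 MiB chunks."""
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(chunk_size), b""))


def matches_report(digests: dict) -> list:
    """Return the algorithm names whose digest equals the report's value.

    Hex case is normalised because feeds and tools disagree on it; any
    single match is sufficient, since all four hashes describe one file.
    """
    return [a for a in ALGOS if digests.get(a, "").lower() == REPORT_HASHES[a]]


def c2_network_indicators(url: str = REPORT_C2) -> dict:
    """Split the C2 URL into its wire-visible and host-only components.

    With https the path is encrypted, and an IP literal means no DNS query
    and no SNI, so network detection can only key on (dst_ip, dst_port).
    """
    parts = urlsplit(url)
    return {
        "host": parts.hostname,
        "port": parts.port,
        "path": parts.path,           # host-side artifact only
        "tls": parts.scheme == "https",
        "wire_visible": (parts.hostname, parts.port),
    }


def flow_matches_c2(dst_ip: str, dst_port: int, url: str = REPORT_C2) -> bool:
    """True if a (dst_ip, dst_port) flow tuple matches the report's C2."""
    return (dst_ip, dst_port) == c2_network_indicators(url)["wire_visible"]


if __name__ == "__main__":
    # Constructed demo input: not the sample, so no hash will match.
    demo = b"MZ" + b"\x00" * 62
    print("file hash matches:", matches_report(hash_bytes(demo)))
    # Constructed flow records (dst_ip, dst_port); only the first is the C2.
    for flow in [("185.184.26.10", 4928), ("185.184.26.10", 443), ("10.0.0.5", 4928)]:
        print(flow, "->", flow_matches_c2(*flow))
```

For scanning a real collection, call hash_file on each path and feed the result to matches_report; the streaming hasher keeps memory flat regardless of file size. The SSDEEP value above, with its single chunk sequence repeated end to end, is consistent with long runs of repeated bytes, which is what a small payload padded out to tens of megabytes looks like, so treat the 74.9 MB size as a hint of bloating rather than as something to match on.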

Targets

    • Target

      Software_Setup.exe

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks