General

  • Target

    1d1505d6acae5dfe0ad58fddd7933cfc.exe

  • Size

    442KB

  • Sample

    241010-hgykfszeqe

  • MD5

    1d1505d6acae5dfe0ad58fddd7933cfc

  • SHA1

    ec64dd991550788047d6e512b8d17a7d73e48c6a

  • SHA256

    46298b16b10079f44ee9515920de3391bd0590c36427e15ba81841a5e686bb79

  • SHA512

    ee14b7b6b1b9845d61786a11f1d5da757898212d634637aceb276077c803b79e614fe46a07403108c4430e82010adccc5b32a0183e85b998f38ed9f7030d70bf

  • SSDEEP

    12288:m+RQLpoHCpa7QDoGukWV1hC8kVOYfCYfQ8O6akF19ecKPs:mtNDILn8u

Malware Config

Extracted

Family

rhadamanthys

C2

https://135.181.4.162:2423/97e9fc994198e76/q4cs18w4.g9muv

Targets

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15