General

  • Target

    c4542f600e2883dd58d8dc6753f40945.exe

  • Size

    7.3MB

  • Sample

    241016-g72jcs1fmm

  • MD5

    c4542f600e2883dd58d8dc6753f40945

  • SHA1

    a6a045a010ca258d4c8ad0fe08ceb378bea08bf6

  • SHA256

    7a83b820d1dc7794788ac1ce4f9165d2ba29fe33bf743d8316391244044e8d2d

  • SHA512

    1b310765a5267a886a590e1eeb1389c126d89f16b15abc197903ca40ff2fc4cec471d2b9c2e62f6d0111402c918d312fc7bfda1ec85d24cf5a6b24069d2fdacd

  • SSDEEP

    196608:leRYjLNtskrjbA1LTsTRUotGcbxw01XnqXoIX:lVLN7jbGUTRUUB1n

Malware Config (Extracted)

  • Family

    rhadamanthys

  • C2

    https://45.202.35.41:2085/498d0f4cfcafbce1543c5cc/10m$

Targets

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks