General
-
Target
https://bazaar.abuse.ch/browse/
-
Sample
241026-jkn1vsshpm
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
windows/reverse_tcp
C2
45.202.35.85:6615
Extracted
Family
rhadamanthys
C2
https://185.196.11.237:9697/f002171ab05c7/9xqdctgg.ir1fr
Targets
-
-
Target
https://bazaar.abuse.ch/browse/
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Rhadamanthys family
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1