Resubmissions

27-11-2024 10:04

241127-l4b7hsypdy 10

31-08-2023 04:03

230831-emrsbada47 10

General

  • Target

    cb077e5958593c5cafb1b97f86290e20d5eced55dc578384672e495415bd0eee

  • Size

    456KB

  • Sample

    241127-l4b7hsypdy

  • MD5

    c4354ae6f7b89c0735806b6798bfa2ce

  • SHA1

    5d6d69e31a6f7b9850e817215ba55e24f77c7afd

  • SHA256

    cb077e5958593c5cafb1b97f86290e20d5eced55dc578384672e495415bd0eee

  • SHA512

    6d88891da85464e9f19889c7766064422b285d6eefa46ff5c1d3962833074f96203b6b2bf83db9ae3fef1a50c1297d0bfc14a74cca72c7f00f1b54b6e4419daf

  • SSDEEP

    6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9++:2uWP/BZUyoLu8Agsmxwrvejkd2

Malware Config

Extracted

Family

rhadamanthys

C2

https://94.156.253.150:7546/0233854059f266b/jvku9fhs.96qpp

Targets

    • Target

      cb077e5958593c5cafb1b97f86290e20d5eced55dc578384672e495415bd0eee

    • Size

      456KB

    • MD5

      c4354ae6f7b89c0735806b6798bfa2ce

    • SHA1

      5d6d69e31a6f7b9850e817215ba55e24f77c7afd

    • SHA256

      cb077e5958593c5cafb1b97f86290e20d5eced55dc578384672e495415bd0eee

    • SHA512

      6d88891da85464e9f19889c7766064422b285d6eefa46ff5c1d3962833074f96203b6b2bf83db9ae3fef1a50c1297d0bfc14a74cca72c7f00f1b54b6e4419daf

    • SSDEEP

      6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9++:2uWP/BZUyoLu8Agsmxwrvejkd2

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Rhadamanthys family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

MITRE ATT&CK Enterprise v15

Tasks