General

  • Target

    XWorm.exe

  • Size

    456KB

  • Sample

    241128-nevzfawkay

  • MD5

    515a0c8be21a5ba836e5687fc2d73333

  • SHA1

    c52be9d0d37ac1b8d6bc09860e68e9e0615255ab

  • SHA256

    9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae

  • SHA512

    4e2bd7ce844bba25aff12e2607c4281b59f7579b9407139ef6136ef09282c7afac1c702adebc42f8bd7703fac047fd8b5add34df334bfc04d3518ea483225522

  • SSDEEP

    6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+V:2uWP/BZUyoLu8Agsmxwrvejkd2

Malware Config

Extracted

Family

rhadamanthys

C2

https://195.3.223.126:4287/9d0dc091285eb9fbf2e/o8f3c8oj.8rdif

Targets

    • Target

      XWorm.exe

    • Size

      456KB

    • MD5

      515a0c8be21a5ba836e5687fc2d73333

    • SHA1

      c52be9d0d37ac1b8d6bc09860e68e9e0615255ab

    • SHA256

      9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae

    • SHA512

      4e2bd7ce844bba25aff12e2607c4281b59f7579b9407139ef6136ef09282c7afac1c702adebc42f8bd7703fac047fd8b5add34df334bfc04d3518ea483225522

    • SSDEEP

      6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+V:2uWP/BZUyoLu8Agsmxwrvejkd2

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Rhadamanthys family

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

MITRE ATT&CK Enterprise v15

Tasks