General
-
Target
XWorm.exe
-
Size
456KB
-
Sample
241128-nevzfawkay
-
MD5
515a0c8be21a5ba836e5687fc2d73333
-
SHA1
c52be9d0d37ac1b8d6bc09860e68e9e0615255ab
-
SHA256
9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae
-
SHA512
4e2bd7ce844bba25aff12e2607c4281b59f7579b9407139ef6136ef09282c7afac1c702adebc42f8bd7703fac047fd8b5add34df334bfc04d3518ea483225522
-
SSDEEP
6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+V:2uWP/BZUyoLu8Agsmxwrvejkd2
Behavioral task
behavioral1
Sample
XWorm.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
XWorm.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
rhadamanthys
https://195.3.223.126:4287/9d0dc091285eb9fbf2e/o8f3c8oj.8rdif
Targets
-
-
Target
XWorm.exe
-
Size
456KB
-
MD5
515a0c8be21a5ba836e5687fc2d73333
-
SHA1
c52be9d0d37ac1b8d6bc09860e68e9e0615255ab
-
SHA256
9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae
-
SHA512
4e2bd7ce844bba25aff12e2607c4281b59f7579b9407139ef6136ef09282c7afac1c702adebc42f8bd7703fac047fd8b5add34df334bfc04d3518ea483225522
-
SSDEEP
6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+V:2uWP/BZUyoLu8Agsmxwrvejkd2
Score10/10-
Detect rhadamanthys stealer shellcode
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Rhadamanthys family
-