Resubmissions

01/06/2025, 14:06

250601-rem6daxxe1 10

01/06/2025, 14:05

250601-rdxnesaq5w 10

General

  • Target

    Launcher.exe

  • Size

    2.3MB

  • Sample

    250601-rdxnesaq5w

  • MD5

    9092cea25591aed297058f3d732f7b0c

  • SHA1

    abf7cf8c283c10cae664147d35169f3c3e3443d1

  • SHA256

    4c0a71d0d6962689d5c6ea90549e667392369600681e23bb30c5debb5dd8ce61

  • SHA512

    8ec2ccd1299f71919623ec0244e4be2dffb6bc113b47a5007d025ee430ead2244610b922d0c213c12b4d0361cba52c0b4c919d4e5796b611ad73d41c125a7ef7

  • SSDEEP

    49152:1Gnb2B65Aei2scnK6zx9npX4vW04UJVYMdmyzrFWljlGCWX/EZ:1Gx5AeYcnjxj4xBMjgP

Malware Config

Extracted

Family

rhadamanthys

C2

https://195.3.223.126:4287/9d0dc091285eb9fbf2e/o8f3c8oj.8rdif
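The hashes and C2 URL above are the indicators a responder actually reuses. The following script is an added example (not part of the sandbox report and not Rhadamanthys code) showing how to verify a local file against the listed digests and how to split the C2 URL into the pieces that show up in different log sources. The function names and the key=value firewall log format are assumptions made for illustration; only the hash values and the URL come from the report. SSDEEP is left out because fuzzy-hash comparison needs the third-party ssdeep module.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "9092cea25591aed297058f3d732f7b0c",
    "sha1": "abf7cf8c283c10cae664147d35169f3c3e3443d1",
    "sha256": "4c0a71d0d6962689d5c6ea90549e667392369600681e23bb30c5debb5dd8ce61",
}
C2_URL = "https://195.3.223.126:4287/9d0dc091285eb9fbf2e/o8f3c8oj.8rdif"


def hash_bytes(data: bytes) -> dict:
    """Return the md5/sha1/sha256 hex digests of data (the set the report lists)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_sample(data: bytes, iocs: dict = SAMPLE_HASHES) -> bool:
    """True only if every listed digest matches; one mismatch means a different file."""
    digests = hash_bytes(data)
    return all(digests[name] == value.lower() for name, value in iocs.items())


def c2_indicators(url: str = C2_URL) -> dict:
    """Split the C2 URL into host, port and path.

    Over TLS only host and port are visible to a firewall or NetFlow sensor;
    the path is only observable in proxy logs with TLS interception.
    """
    parts = urlsplit(url)
    return {"scheme": parts.scheme, "host": parts.hostname, "port": parts.port, "path": parts.path}


# Hypothetical firewall log format (constructed for this example): key=value pairs.
LOG_RE = re.compile(r"dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)")


def scan_firewall_log(lines, iocs: dict = None) -> list:
    """Return the log lines whose destination IP and port match the C2 indicator."""
    iocs = iocs or c2_indicators()
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and m.group("dst") == iocs["host"] and int(m.group("dport")) == iocs["port"]:
            hits.append(line)
    return hits


# Constructed sample log lines; the second one is the only C2 match.
SAMPLE_LOG = [
    "2025-06-01T14:05:51Z action=allow src=10.0.0.5 dst=93.184.216.34 dport=443",
    "2025-06-01T14:06:02Z action=allow src=10.0.0.5 dst=195.3.223.126 dport=4287",
    "2025-06-01T14:06:09Z action=allow src=10.0.0.5 dst=195.3.223.126 dport=443",
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("sample match:", matches_sample(fh.read()))
    print("C2 indicators:", c2_indicators())
    for hit in scan_firewall_log(SAMPLE_LOG):
        print("C2 hit:", hit)
```

Run it with a file path to compare that file against the report's digests; without arguments it prints the parsed C2 indicators and the matching line from the constructed log. Matching on IP and port alone is noisy when the host serves unrelated traffic on other ports, which is why the third constructed line (same IP, port 443) is deliberately not a hit.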

Targets

    • Target

      Launcher.exe


    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Rhadamanthys family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check to avoid executing in certain regions.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Obfuscated Files or Information: Command Obfuscation (T1027.010)

      Adversaries may obfuscate content during command execution to impede detection.

MITRE ATT&CK Enterprise v16
