2023-01-12 (Thursday) - Google Ad --> Fake Notepad++ site textedit-notepad[.]com --> #Rhadamanthys (#RhadamanthysStealer)
I carved the inflated 777 MB EXE to remove all the padding. Sample available at:
- https://bazaar.abuse.ch/sample/2a4637eeb74d47ddbe7ff10f005806bce77ee877b9ae52f55bf6ae425cc3fcd5/
- https://tria.ge/230113-eqwwfahg9v
- https://app.any.run/tasks/3d9a4477-3053-47bf-a194-556b1ad97e23
C2 traffic:
- hxxp://164.90.172[.]224/blob/oo6nbv.a50a
#rhadamanthys #rhadamanthysstealer
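The carving step mentioned above, as an added example that is not part of the original post and not the tool the author used: this Python script reads the PE headers to find where the section data ends, measures how much of the remaining overlay is a single repeated byte, and truncates that run, recording the SHA-256 before and after because carving changes the hash you will search for on sharing sites. The `build_synthetic_pe` helper and every value in it are constructed for illustration (not a real executable), and the 1 MiB minimum run is an assumed threshold chosen so that a small legitimate overlay such as an Authenticode signature is left alone.

```python
"""Carve repeated-byte padding off an inflated PE while keeping header-declared content."""
import hashlib
import struct
import sys

SECTION_HEADER_SIZE = 40  # fixed size of an IMAGE_SECTION_HEADER


def pe_content_end(data: bytes) -> int:
    """Offset just past the last byte the PE headers account for: the end of the
    section table or of whichever section's raw data reaches furthest into the file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]    # IMAGE_FILE_HEADER.NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]       # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    sec_table = coff + 20 + opt_size
    end = sec_table + num_sections * SECTION_HEADER_SIZE
    for i in range(num_sections):
        hdr = sec_table + i * SECTION_HEADER_SIZE
        size_raw, ptr_raw = struct.unpack_from("<II", data, hdr + 16)  # SizeOfRawData, PointerToRawData
        end = max(end, ptr_raw + size_raw)
    return end


def carve_padding(data: bytes, min_run: int = 1 << 20):
    """Strip a trailing run of one repeated byte from the overlay (bytes past the last
    section). Runs shorter than min_run (assumed 1 MiB) are kept: a small overlay is
    often legitimate, and trimming it would change the hash for nothing."""
    end = pe_content_end(data)
    if end > len(data):
        raise ValueError("section data extends past EOF: file is truncated, not padded")
    overlay = data[end:]
    pad = overlay[-1:]                                   # candidate padding byte (last byte of file)
    run = len(overlay) - len(overlay.rstrip(pad)) if overlay else 0
    cut = len(data) - run if run >= min_run else len(data)
    carved = data[:cut]
    report = {
        "content_end": end,
        "original_size": len(data),
        "carved_size": len(carved),
        "trimmed_bytes": len(data) - cut,
        "pad_byte": pad[0] if run >= min_run else None,
        "sha256_before": hashlib.sha256(data).hexdigest(),
        "sha256_after": hashlib.sha256(carved).hexdigest(),
    }
    return carved, report


def build_synthetic_pe(section_bytes: bytes, padding: bytes) -> bytes:
    """Constructed, minimal PE-shaped byte string for testing (one section, no optional
    header, raw data at 0x200). It is not a runnable executable."""
    e_lfanew, num_sections, opt_size, raw_ptr = 0x40, 1, 0, 0x200
    sec_table = e_lfanew + 4 + 20 + opt_size
    hdr = bytearray(raw_ptr)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HH", hdr, e_lfanew + 4, 0x14C, num_sections)   # Machine (i386), NumberOfSections
    struct.pack_into("<H", hdr, e_lfanew + 4 + 16, opt_size)
    struct.pack_into("<8sIIII", hdr, sec_table, b".text",
                     len(section_bytes), 0x1000, len(section_bytes), raw_ptr)
    return bytes(hdr) + section_bytes + padding


if __name__ == "__main__":
    # Usage: python carve_padding.py <inflated.exe>  -> writes <inflated.exe>.carved
    path = sys.argv[1]
    with open(path, "rb") as f:
        blob = f.read()
    carved, rep = carve_padding(blob)
    with open(path + ".carved", "wb") as f:
        f.write(carved)
    for key, value in rep.items():
        print(f"{key}: {value}")
```

Two caveats for real samples: padding that is random rather than a repeated byte will not be trimmed by this check (the report will show `trimmed_bytes: 0`, and the overlay then needs manual inspection), and the carved file has a different SHA-256 from the one your sandbox or EDR recorded, so keep both hashes in the case notes.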
2023-01-03 (Tuesday) - Blog for malware from Google ad --> fake Notepad++ page updated to show this as #RhadamanthysStealer malware.
Thanks to @500mk500, @ex_raritas, and @da_667 for identifying this sample!
https://malware-traffic-analysis.net/2023/01/03/index.html
To see the changes, you might have to refresh the page if you've already visited it.