Dosya Kimligi
| SHA256 | a793c1a77afeb7d85ee49f93c61fde0e2fec841a9d79d87d02524cf9034909b2 |
|---|---|
| Dosya Adi | metacore-loader.exe |
| Boyut | 171.520 byte |
| String Sayisi | 1.176 |
Acik Metin C2 -- DOGRULANMIS
http://176.46.152.62 <-- Rhadamanthys C2 HTTP endpoint 176.46.152.62:5858 <-- C2 IP:Port (PORT: 5858)
Rhadamanthys Hakkinda
Rhadamanthys, 2022 sonunda ortaya cikan C++ premium infostealer ailesidir. 250 USD/ay abonelik modeli. Loader (metacore-loader.exe) + stealer DLL mimarisi. Tarayici, kripto cuzdan, FTP, VPN, email hedefler.
IOC
| SHA256 | a793c1a77afeb7d85ee49f93c61fde0e2fec841a9d79d87d02524cf9034909b2 |
|---|---|
| C2 IP | 176.46.152.62 |
| C2 Port | 5858 |
| Protokol | HTTP |
Rhadamanthys — Malware Profile
Rhadamanthys, 2022 de ortaya cikan C++ premium infostealer ailesidir. 250 USD/ay abonelik. Tarayici, kripto, FTP, VPN, email, oyun platformlarini hedefler. Loader + stealer DLL mimarisi.
Technical Details
C++, HTTP/HTTPS C2, modular plugin-tabanli mimari, genis tarayici credential theft, kripto wallet scraper (MetaMask/Phantom), steganography destekli payload, fingerprint (UUID/HWID), process injection
Capabilities & Behavior
IOC List (2 indicators)
# SHA256
a793c1a77afeb7d85ee49f93c61fde0e2fec841a9d79d87d02524cf9034909b2
# IP
176.46.152.62
| Type | Value | Note |
|---|---|---|
| sha256 | a793c1a77afeb7d85ee49f93c61fde0e2fec841a9d79d87d02524cf9034909b2 | |
| ip | 176.46.152.62 |
C2 Servers (4 recorded servers for this family)
| Address | Type | Port | Protocol | Status | Country |
|---|---|---|---|---|---|
| 94.131.106.195 | ip | 443 | HTTPS | inactive | RU |
| 185.106.122.144 | ip | 443 | HTTPS | inactive | CZ |
| 185.106.120.55 | ip | 80 | HTTP | inactive | RU |
| 176.46.152.62 | ip | 5858 | HTTP | inactive | — |
C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.