rhadamanthys | de07e46f83f280f37e1f83a602a7673fe1844ed4a52be14c8ae5760a9fa1d1cb

Analysis

max time kernel
51s
max time network
63s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
17/12/2022, 07:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de07e46f83f280f37e1f83a602a7673fe1844ed4a52be14c8ae5760a9fa1d1cb.exe
Size

286KB
MD5

8db42d4730e86fde86fbd7ba3cee7d1a
SHA1

2761f6379cf22e62658eb166a147c9a354b4e883
SHA256

de07e46f83f280f37e1f83a602a7673fe1844ed4a52be14c8ae5760a9fa1d1cb
SHA512

9b506f70f8272ab24f27a193bfd9a1ce4ea230cd03e5386db90ee7c50df1c78d173f98f225748a4981a4c3ce29d91c841c450c77ac9db03bf1bb85312cd42c9a
SSDEEP

6144:8jLMhEpZ5Mn4wjKq4ZamidWrqZRK2gzwB040M2b:8jjnm4eKq4ZamkR2q

Score

10^/10

rhadamanthys stealer

Malware Config

Signatures

Detect rhadamanthys stealer shellcode 2 IoCs

resource	yara_rule
behavioral1/memory/2732-170-0x0000000000590000-0x00000000005AD000-memory.dmp	family_rhadamanthys
behavioral1/memory/2732-172-0x0000000000590000-0x00000000005AD000-memory.dmp	family_rhadamanthys

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
2732	de07e46f83f280f37e1f83a602a7673fe1844ed4a52be14c8ae5760a9fa1d1cb.exe
2732	de07e46f83f280f37e1f83a602a7673fe1844ed4a52be14c8ae5760a9fa1d1cb.exe
2732	de07e46f83f280f37e1f83a602a7673fe1844ed4a52be14c8ae5760a9fa1d1cb.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1920	2732	WerFault.exe	65

C:\Users\Admin\AppData\Local\Temp\de07e46f83f280f37e1f83a602a7673fe1844ed4a52be14c8ae5760a9fa1d1cb.exe
"C:\Users\Admin\AppData\Local\Temp\de07e46f83f280f37e1f83a602a7673fe1844ed4a52be14c8ae5760a9fa1d1cb.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:2732
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 664
  2⤵
  - Program crash
  PID:1920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2732-120-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-121-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-122-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-125-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-124-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-126-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-123-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-128-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-129-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-130-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-131-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-132-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-133-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-134-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-135-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-136-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-137-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-138-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-139-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-140-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-141-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-142-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-144-0x00000000005C0000-0x000000000070A000-memory.dmp

Filesize
1.3MB

Download
memory/2732-143-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-145-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-146-0x00000000005C0000-0x000000000070A000-memory.dmp

Filesize
1.3MB

Download
memory/2732-147-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-148-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-149-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-150-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-151-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-152-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-153-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-154-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-155-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-156-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-157-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-158-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-159-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-161-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-160-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-162-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2732-163-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-164-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-165-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-166-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-167-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-168-0x0000000076F80000-0x000000007710E000-memory.dmp

Filesize
1.6MB

Download
memory/2732-169-0x00000000005C0000-0x000000000070A000-memory.dmp

Filesize
1.3MB

Download
memory/2732-170-0x0000000000590000-0x00000000005AD000-memory.dmp

Filesize
116KB

Download
memory/2732-171-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2732-172-0x0000000000590000-0x00000000005AD000-memory.dmp

Filesize
116KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads