rhadamanthys | 77184e90d4f8ad7ffb39086dc95d3aba0f80c6fdc07dacadee0f772d5816462e

Analysis

max time kernel
41s
max time network
62s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
19-12-2022 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77184e90d4f8ad7ffb39086dc95d3aba0f80c6fdc07dacadee0f772d5816462e.exe
Size

287KB
MD5

31a87d2d370c08d8dee00cedc64519e7
SHA1

7128b4bd573df2e6b29eaece7d208e5937b26fe3
SHA256

77184e90d4f8ad7ffb39086dc95d3aba0f80c6fdc07dacadee0f772d5816462e
SHA512

1b72e4d002bef028b2b67f4a472b50b38a7f5b0a91ca6283dfe3103c5698fa032da814f53ac303da78c5f552356c57a38202e1adcdd21d5cd90349eda56bbb54
SSDEEP

6144:GnfL6RcFsSp5e4mHfor4w1SBjp70ZG0CLjcbXF:GnfOuF5rmHgr4pjp70I0GYbXF

Score

10^/10

rhadamanthys stealer

Malware Config

Signatures

Detect rhadamanthys stealer shellcode 1 IoCs

resource	yara_rule
behavioral1/memory/2972-167-0x00000000021C0000-0x00000000021E3000-memory.dmp	family_rhadamanthys

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
2972	77184e90d4f8ad7ffb39086dc95d3aba0f80c6fdc07dacadee0f772d5816462e.exe
2972	77184e90d4f8ad7ffb39086dc95d3aba0f80c6fdc07dacadee0f772d5816462e.exe
2972	77184e90d4f8ad7ffb39086dc95d3aba0f80c6fdc07dacadee0f772d5816462e.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1668	2972	WerFault.exe	65

C:\Users\Admin\AppData\Local\Temp\77184e90d4f8ad7ffb39086dc95d3aba0f80c6fdc07dacadee0f772d5816462e.exe
"C:\Users\Admin\AppData\Local\Temp\77184e90d4f8ad7ffb39086dc95d3aba0f80c6fdc07dacadee0f772d5816462e.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:2972
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 664
  2⤵
  - Program crash
  PID:1668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2972-118-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-119-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-120-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-121-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-122-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-123-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-124-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-125-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-126-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-127-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-128-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-129-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-130-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-131-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-132-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-133-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-134-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-135-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-137-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-136-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-138-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-139-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-140-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-141-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-142-0x0000000000636000-0x0000000000659000-memory.dmp

Filesize
140KB

Download
memory/2972-143-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-144-0x00000000004D0000-0x000000000061A000-memory.dmp

Filesize
1.3MB

Download
memory/2972-145-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-146-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-147-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-148-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-149-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-150-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-151-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-152-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-153-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-154-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-155-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-156-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-157-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-158-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-159-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/2972-160-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-161-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-162-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-163-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-164-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-165-0x0000000077220000-0x00000000773AE000-memory.dmp

Filesize
1.6MB

Download
memory/2972-166-0x0000000000662000-0x0000000000664000-memory.dmp

Filesize
8KB

Download
memory/2972-167-0x00000000021C0000-0x00000000021E3000-memory.dmp

Filesize
140KB

Download
memory/2972-168-0x0000000000636000-0x0000000000659000-memory.dmp

Filesize
140KB

Download
memory/2972-169-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads