rhadamanthys | 9917b5f66784e134129291999ae0d33dcd80930a0a70a4fbada1a3b70a53ba91

Analysis

max time kernel
102s
max time network
107s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
28/12/2022, 12:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9917b5f66784e134129291999ae0d33dcd80930a0a70a4fbada1a3b70a53ba91.exe
Size

194KB
MD5

26224d9fbcbbb1d61537059897a63943
SHA1

0032037787baa4e80be43d0b8ddc5051926430eb
SHA256

9917b5f66784e134129291999ae0d33dcd80930a0a70a4fbada1a3b70a53ba91
SHA512

3479d0d48ce21cab35a512144050b21d810e84ef9d209ac27e63dd873d17819bbbd53acfcb6b28fb9effd6abf410f9a2d18c1975828f5b0f01c2ffa31c48c16f
SSDEEP

3072:Uv5ChRQUknU7TfNMXgSrayXVE9y4qQDHg2EPkoTrEsjHZvQ3hl43vpMvxGWqB2cL:dh6zU7T1DylEtDAvPJTrF5vQ37IM

Score

10^/10

rhadamanthys stealer

Malware Config

Signatures

Detect rhadamanthys stealer shellcode 2 IoCs

resource	yara_rule
behavioral1/memory/3500-159-0x0000000000C50000-0x0000000000C73000-memory.dmp	family_rhadamanthys
behavioral1/memory/3500-168-0x0000000000C50000-0x0000000000C73000-memory.dmp	family_rhadamanthys

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
3500	9917b5f66784e134129291999ae0d33dcd80930a0a70a4fbada1a3b70a53ba91.exe
3500	9917b5f66784e134129291999ae0d33dcd80930a0a70a4fbada1a3b70a53ba91.exe
3500	9917b5f66784e134129291999ae0d33dcd80930a0a70a4fbada1a3b70a53ba91.exe

C:\Users\Admin\AppData\Local\Temp\9917b5f66784e134129291999ae0d33dcd80930a0a70a4fbada1a3b70a53ba91.exe
"C:\Users\Admin\AppData\Local\Temp\9917b5f66784e134129291999ae0d33dcd80930a0a70a4fbada1a3b70a53ba91.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:3500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3500-115-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-116-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-118-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-119-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-117-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-121-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-122-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-125-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-126-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-124-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-127-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-130-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-129-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-128-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-131-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-132-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-123-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-120-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-133-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-134-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-135-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-136-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-137-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-138-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-139-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-140-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-141-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-142-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-143-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-144-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-145-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-146-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-147-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-148-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-149-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-151-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-150-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-152-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-153-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-154-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-155-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-156-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-157-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-158-0x00000000000B0000-0x00000000000B2000-memory.dmp

Filesize
8KB

Download
memory/3500-159-0x0000000000C50000-0x0000000000C73000-memory.dmp

Filesize
140KB

Download
memory/3500-161-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-162-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-160-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-164-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-166-0x0000000002840000-0x0000000002A84000-memory.dmp

Filesize
2.3MB

Download
memory/3500-167-0x00000000000B0000-0x00000000000B2000-memory.dmp

Filesize
8KB

Download
memory/3500-168-0x0000000000C50000-0x0000000000C73000-memory.dmp

Filesize
140KB

Download
memory/3500-169-0x0000000002840000-0x0000000002A84000-memory.dmp

Filesize
2.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads