rhadamanthys | 94451711c19cad7c5efe506f16dd849413e9c1eb01d04862fe9fc3f6ed4c2414

Analysis

max time kernel
142s
max time network
148s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
18/03/2023, 13:47

Target

94451711c19cad7c5efe506f16dd849413e9c1eb01d04862fe9fc3f6ed4c2414.exe
Size

353KB
MD5

41e4a1d36998120ac885ee1101b913a3
SHA1

4ce0b58cb8cd11f496de54d46c6cbce634ccb43f
SHA256

94451711c19cad7c5efe506f16dd849413e9c1eb01d04862fe9fc3f6ed4c2414
SHA512

d885e0552578d0420ece3f84cb326e224cf75ef0d3575ad7c29a16f17dcd9f0463aebf655f8abcc559b52e7ad418fbff162d494af5f77d6ed4b91cb79959f069
SSDEEP

6144:0JMcLqqK79Q/7M2GBs8HlUy37EJ2urFpaauxdVIjVcLMUIjK:0JZVKpQ/7M2GXHfA2u5omj+LyjK

Score

10^/10

Detect rhadamanthys stealer shellcode 4 IoCs

resource	yara_rule
behavioral1/memory/3752-121-0x0000000004880000-0x000000000489C000-memory.dmp	family_rhadamanthys
behavioral1/memory/3752-123-0x0000000004880000-0x000000000489C000-memory.dmp	family_rhadamanthys
behavioral1/memory/3752-126-0x0000000004880000-0x000000000489C000-memory.dmp	family_rhadamanthys
behavioral1/memory/3752-128-0x0000000004880000-0x000000000489C000-memory.dmp	family_rhadamanthys

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
3752	94451711c19cad7c5efe506f16dd849413e9c1eb01d04862fe9fc3f6ed4c2414.exe
3752	94451711c19cad7c5efe506f16dd849413e9c1eb01d04862fe9fc3f6ed4c2414.exe
3752	94451711c19cad7c5efe506f16dd849413e9c1eb01d04862fe9fc3f6ed4c2414.exe

C:\Users\Admin\AppData\Local\Temp\94451711c19cad7c5efe506f16dd849413e9c1eb01d04862fe9fc3f6ed4c2414.exe
"C:\Users\Admin\AppData\Local\Temp\94451711c19cad7c5efe506f16dd849413e9c1eb01d04862fe9fc3f6ed4c2414.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:3752

memory/3752-117-0x0000000004850000-0x000000000487E000-memory.dmp

Filesize
184KB

Download
memory/3752-118-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/3752-121-0x0000000004880000-0x000000000489C000-memory.dmp

Filesize
112KB

Download
memory/3752-124-0x0000000002C70000-0x0000000002C72000-memory.dmp

Filesize
8KB

Download
memory/3752-123-0x0000000004880000-0x000000000489C000-memory.dmp

Filesize
112KB

Download
memory/3752-125-0x0000000002C70000-0x0000000002C73000-memory.dmp

Filesize
12KB

Download
memory/3752-126-0x0000000004880000-0x000000000489C000-memory.dmp

Filesize
112KB

Download
memory/3752-127-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/3752-128-0x0000000004880000-0x000000000489C000-memory.dmp

Filesize
112KB

Download