rhadamanthys | 4f7af86dadf3d82857b2963a660b9cfcab6d21332888a7da414bc22108ddfce5

Analysis

max time kernel
155s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 17:15

Target

4f7af86dadf3d82857b2963a660b9cfcab6d21332888a7da414bc22108ddfce5.exe
Size

316KB
MD5

68a7c23d4fe2e789b1b3e0238c10230c
SHA1

be8846b87f4d657bdd4574df29ab5a9538cfe173
SHA256

4f7af86dadf3d82857b2963a660b9cfcab6d21332888a7da414bc22108ddfce5
SHA512

a954baf57af69789ac1b72fccf14e8f680ab3923c43bb2e261aa805b105cedfe80b8fa2774fdc9c78e2e0e6dc3de4e657007f25c004b7d54d476da52e057e2ff
SSDEEP

3072:ql8T7GxiplX47e0KNfmYWAoZO9HfD6sBqJzCLFz+E9EdiVWNXF/LWqzJySMDtdiG:e07IK0KNL0sn+EediV0EO+hFqP6PqJs

Score

10^/10

Detect rhadamanthys stealer shellcode 4 IoCs

resource	yara_rule
behavioral1/memory/2288-138-0x0000000002D60000-0x0000000002D7C000-memory.dmp	family_rhadamanthys
behavioral1/memory/2288-139-0x0000000002D60000-0x0000000002D7C000-memory.dmp	family_rhadamanthys
behavioral1/memory/2288-143-0x0000000002D60000-0x0000000002D7C000-memory.dmp	family_rhadamanthys
behavioral1/memory/2288-145-0x0000000002D60000-0x0000000002D7C000-memory.dmp	family_rhadamanthys

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
2288	4f7af86dadf3d82857b2963a660b9cfcab6d21332888a7da414bc22108ddfce5.exe
2288	4f7af86dadf3d82857b2963a660b9cfcab6d21332888a7da414bc22108ddfce5.exe
2288	4f7af86dadf3d82857b2963a660b9cfcab6d21332888a7da414bc22108ddfce5.exe

C:\Users\Admin\AppData\Local\Temp\4f7af86dadf3d82857b2963a660b9cfcab6d21332888a7da414bc22108ddfce5.exe
"C:\Users\Admin\AppData\Local\Temp\4f7af86dadf3d82857b2963a660b9cfcab6d21332888a7da414bc22108ddfce5.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:2288

memory/2288-134-0x0000000002D10000-0x0000000002D3E000-memory.dmp

Filesize
184KB

Download
memory/2288-135-0x0000000000400000-0x0000000002B7D000-memory.dmp

Filesize
39.5MB

Download
memory/2288-138-0x0000000002D60000-0x0000000002D7C000-memory.dmp

Filesize
112KB

Download
memory/2288-139-0x0000000002D60000-0x0000000002D7C000-memory.dmp

Filesize
112KB

Download
memory/2288-141-0x0000000002D40000-0x0000000002D42000-memory.dmp

Filesize
8KB

Download
memory/2288-142-0x0000000004AE0000-0x0000000005AE0000-memory.dmp

Filesize
16.0MB

Download
memory/2288-143-0x0000000002D60000-0x0000000002D7C000-memory.dmp

Filesize
112KB

Download
memory/2288-144-0x0000000000400000-0x0000000002B7D000-memory.dmp

Filesize
39.5MB

Download
memory/2288-145-0x0000000002D60000-0x0000000002D7C000-memory.dmp

Filesize
112KB

Download
memory/2288-146-0x0000000004AE0000-0x0000000005AE0000-memory.dmp

Filesize
16.0MB

Download