Analysis
max time kernel: 151s
max time network: 149s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 30-04-2023 22:50
Static task: static1
Behavioral task: behavioral1
  Sample: 15d5787220c46042cf6fe90244bc111e96b7a0a82bd0773255926db8575ea9c3.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 15d5787220c46042cf6fe90244bc111e96b7a0a82bd0773255926db8575ea9c3.exe
  Resource: win10v2004-20230220-en
General
Target: 15d5787220c46042cf6fe90244bc111e96b7a0a82bd0773255926db8575ea9c3.exe
Size: 398KB
MD5: 9edbd92ee512582638a90e8d7588ac02
SHA1: cd8eb8351c97220d57f42d862add7ece22f98f01
SHA256: 15d5787220c46042cf6fe90244bc111e96b7a0a82bd0773255926db8575ea9c3
SHA512: 9b64b7d57e8645b656e2c206d74b1fe8abb332e7fbab64df2b8c9f3578d2ad4ffbbdf85a1bf71866137490c6d744b33227a65477b802060f4fbcc371cc700233
SSDEEP: 6144:sXs5nmfTPmDDoohc+oFaB95vlnnFE8xvUeJebCXwLFms8snzy:sXsALmvoWc+iavnFE8x814CJnz
Malware Config
Extracted: rhadamanthys
http://179.43.142.201/img/favicon.png
Signatures
Detect rhadamanthys stealer shellcode (4 IoCs)
Processes:
resource                                                                    yara_rule
behavioral1/memory/1696-59-0x00000000001B0000-0x00000000001CC000-memory.dmp  family_rhadamanthys
behavioral1/memory/1696-61-0x00000000001B0000-0x00000000001CC000-memory.dmp  family_rhadamanthys
behavioral1/memory/1696-62-0x00000000001B0000-0x00000000001CC000-memory.dmp  family_rhadamanthys
behavioral1/memory/1696-65-0x00000000001B0000-0x00000000001CC000-memory.dmp  family_rhadamanthys
Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.