Analysis

  • max time kernel
    142s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-04-2023 23:39

General

  • Target

    3c63861682c8d454b9f3956d71c4c9c6abe8e81e69c8080c027a4c1883c32073.exe

  • Size

    278KB

  • MD5

    1206e816e3ae6ffcf80d81733f85aa11

  • SHA1

    8837ccbd6028c17e8d98878b403c6e460827003c

  • SHA256

    3c63861682c8d454b9f3956d71c4c9c6abe8e81e69c8080c027a4c1883c32073

  • SHA512

    fe3d8c36ca0891c87cb889c674fb0c7a7491ad459b73f841f1f48c4def2aeb55493d940031030ba3db84b914aef2b8edc9f4eb844129a5e0966e99195c4205cf

  • SSDEEP

    3072:1Bov+2uXxJ21xYGlqydzPxtEPIc64ffwWajYYK6wnZdBhZUaerz26iiAd4y5PTvZ:rQxtoydrO360wZYYZ6P8nVATvBme9

Score
10/10

Malware Config

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Signatures

  • Detect rhadamanthys stealer shellcode (4 IoCs)
  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++, first seen in August 2022.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c63861682c8d454b9f3956d71c4c9c6abe8e81e69c8080c027a4c1883c32073.exe
    "C:\Users\Admin\AppData\Local\Temp\3c63861682c8d454b9f3956d71c4c9c6abe8e81e69c8080c027a4c1883c32073.exe"
    PID: 1236

    Downloads

    • memory/1236-55-0x0000000000220000-0x000000000024E000-memory.dmp (Filesize: 184KB)
    • memory/1236-56-0x0000000000400000-0x0000000002BA0000-memory.dmp (Filesize: 39.6MB)
    • memory/1236-59-0x0000000000250000-0x000000000026C000-memory.dmp (Filesize: 112KB)
    • memory/1236-60-0x0000000000300000-0x0000000000301000-memory.dmp (Filesize: 4KB)
    • memory/1236-61-0x0000000000250000-0x000000000026C000-memory.dmp (Filesize: 112KB)
    • memory/1236-62-0x0000000000250000-0x000000000026C000-memory.dmp (Filesize: 112KB)
    • memory/1236-63-0x0000000000400000-0x0000000002BA0000-memory.dmp (Filesize: 39.6MB)
    • memory/1236-65-0x0000000000250000-0x000000000026C000-memory.dmp (Filesize: 112KB)