Overview

overview

10

Static

static

3

2c7965dc79...4e.exe

windows7-x64

10

2c7965dc79...4e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-05-2023 15:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c7965dc79af4e1e3a668c8b333344152f7934b663f7d064185a87e7581ca64e.exe

  • Size

    353KB

  • MD5

    b8ebb22a2dfda2427e4982b26ff59565

  • SHA1

    47fd5a2923558a0a46af3e3c63235c462901d2fa

  • SHA256

    2c7965dc79af4e1e3a668c8b333344152f7934b663f7d064185a87e7581ca64e

  • SHA512

    e9607420ce307e3ae2173fbf7a0d5728deb6a42ebb2e5a10adf07f19c94243e48fc018fce3c770632525dd8ffa856b07f643d98eb7d12e04532579a845cc255d

  • SSDEEP

    3072:iRvDK/xoIqABV+gq+ARfr6MXMHgncnZ5uFIfhNxp0y5xyq9ZdNoDdHdXM:4COGV+g+HqIcHuF6bxp0uyq9ZdNW11

Score
10/10
rhadamanthysstealer

Malware Config

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Signatures

  • Detect rhadamanthys stealer shellcode 5 IoCs
  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c7965dc79af4e1e3a668c8b333344152f7934b663f7d064185a87e7581ca64e.exe
    "C:\Users\Admin\AppData\Local\Temp\2c7965dc79af4e1e3a668c8b333344152f7934b663f7d064185a87e7581ca64e.exe"
    1⤵
      PID:2092

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2092-134-0x0000000000600000-0x000000000062E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2092-135-0x0000000000400000-0x000000000046B000-memory.dmp

      Filesize

      428KB

      Download

    • memory/2092-138-0x00000000021E0000-0x00000000021FC000-memory.dmp

      Filesize

      112KB

      Download

    • memory/2092-139-0x00000000021E0000-0x00000000021FC000-memory.dmp

      Filesize

      112KB

      Download

    • memory/2092-140-0x0000000002200000-0x000000000221A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2092-141-0x00000000021E0000-0x00000000021FC000-memory.dmp

      Filesize

      112KB

      Download

    • memory/2092-142-0x0000000000400000-0x000000000046B000-memory.dmp

      Filesize

      428KB

      Download

    • memory/2092-143-0x00000000021E0000-0x00000000021FC000-memory.dmp

      Filesize

      112KB

      Download

    • memory/2092-144-0x0000000002200000-0x000000000221A000-memory.dmp

      Filesize

      104KB

      Download