rhadamanthys | 15d5787220c46042cf6fe90244bc111e96b7a0a82bd0773255926db8575ea9c3

Analysis

max time kernel
144s
max time network
155s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01-05-2023 15:16

Target

15d5787220c46042cf6fe90244bc111e96b7a0a82bd0773255926db8575ea9c3.exe
Size

398KB
MD5

9edbd92ee512582638a90e8d7588ac02
SHA1

cd8eb8351c97220d57f42d862add7ece22f98f01
SHA256

15d5787220c46042cf6fe90244bc111e96b7a0a82bd0773255926db8575ea9c3
SHA512

9b64b7d57e8645b656e2c206d74b1fe8abb332e7fbab64df2b8c9f3578d2ad4ffbbdf85a1bf71866137490c6d744b33227a65477b802060f4fbcc371cc700233
SSDEEP

6144:sXs5nmfTPmDDoohc+oFaB95vlnnFE8xvUeJebCXwLFms8snzy:sXsALmvoWc+iavnFE8x814CJnz

Score

10^/10

Family

rhadamanthys

http://179.43.142.201/img/favicon.png

Detect rhadamanthys stealer shellcode 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1680-60-0x0000000000270000-0x000000000028C000-memory.dmp	family_rhadamanthys
behavioral1/memory/1680-62-0x0000000000270000-0x000000000028C000-memory.dmp	family_rhadamanthys
behavioral1/memory/1680-63-0x0000000000270000-0x000000000028C000-memory.dmp	family_rhadamanthys
behavioral1/memory/1680-66-0x0000000000270000-0x000000000028C000-memory.dmp	family_rhadamanthys

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys

C:\Users\Admin\AppData\Local\Temp\15d5787220c46042cf6fe90244bc111e96b7a0a82bd0773255926db8575ea9c3.exe
"C:\Users\Admin\AppData\Local\Temp\15d5787220c46042cf6fe90244bc111e96b7a0a82bd0773255926db8575ea9c3.exe"
1⤵
PID:1680

memory/1680-55-0x0000000000240000-0x000000000026E000-memory.dmp

Filesize
184KB

Download
memory/1680-56-0x0000000000400000-0x0000000000808000-memory.dmp

Filesize
4.0MB

Download
memory/1680-57-0x0000000000240000-0x000000000026E000-memory.dmp

Filesize
184KB

Download
memory/1680-61-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1680-60-0x0000000000270000-0x000000000028C000-memory.dmp

Filesize
112KB

Download
memory/1680-62-0x0000000000270000-0x000000000028C000-memory.dmp

Filesize
112KB

Download
memory/1680-63-0x0000000000270000-0x000000000028C000-memory.dmp

Filesize
112KB

Download
memory/1680-64-0x0000000000400000-0x0000000000808000-memory.dmp

Filesize
4.0MB

Download
memory/1680-66-0x0000000000270000-0x000000000028C000-memory.dmp

Filesize
112KB

Download