Overview

overview

10

Static

static

3

5704a01531...6f.exe

windows7-x64

10

5704a01531...6f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-05-2023 16:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5704a0153196947f456807e33ded41f5d49eed5e8c7ac26871995f7db055d36f.exe

  • Size

    398KB

  • MD5

    d050a7a6da957c3b3c5e723fecb95029

  • SHA1

    4d4a92a5b606d2a3805ff39a729cfa224e4028a3

  • SHA256

    5704a0153196947f456807e33ded41f5d49eed5e8c7ac26871995f7db055d36f

  • SHA512

    2dae1174c9bce27d5b5e487ed0982ddd52fe2dd71bb2defb270b50aecc202ee0101352742d76859d3361c1ed2cce8da5f48b1fc811393b76ff61857e2e5ac59b

  • SSDEEP

    6144:nZw1eZILFwdHn3xKBlMOXT1JzpYxe0Vp4j+wjw3GTm:nZ6eZILFwdH3QzpKe0Vp4jtjhm

Score
10/10
rhadamanthysstealer

Malware Config

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Signatures

  • Detect rhadamanthys stealer shellcode 4 IoCs
  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

Processes

  • C:\Users\Admin\AppData\Local\Temp\5704a0153196947f456807e33ded41f5d49eed5e8c7ac26871995f7db055d36f.exe
    "C:\Users\Admin\AppData\Local\Temp\5704a0153196947f456807e33ded41f5d49eed5e8c7ac26871995f7db055d36f.exe"
    1⤵
      PID:4104

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4104-134-0x00000000008D0000-0x00000000008FE000-memory.dmp

      Filesize

      184KB

      Download

    • memory/4104-135-0x0000000000400000-0x0000000000808000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/4104-138-0x0000000000900000-0x000000000091C000-memory.dmp

      Filesize

      112KB

      Download

    • memory/4104-139-0x00000000025A0000-0x00000000025BA000-memory.dmp

      Filesize

      104KB

      Download

    • memory/4104-140-0x0000000000900000-0x000000000091C000-memory.dmp

      Filesize

      112KB

      Download

    • memory/4104-141-0x0000000000400000-0x0000000000808000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/4104-142-0x0000000000900000-0x000000000091C000-memory.dmp

      Filesize

      112KB

      Download

    • memory/4104-143-0x0000000000900000-0x000000000091C000-memory.dmp

      Filesize

      112KB

      Download

    • memory/4104-144-0x00000000025A0000-0x00000000025BA000-memory.dmp

      Filesize

      104KB

      Download