rhadamanthys | 4564f2542d0e8e730e454077560c9b275b1cc20a3026cf82983280352a4a0ed8

Analysis

max time kernel
150s
max time network
161s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01-05-2023 16:20

Target

4564f2542d0e8e730e454077560c9b275b1cc20a3026cf82983280352a4a0ed8.exe
Size

398KB
MD5

8b4a70fd0cf30279393c7a64404fef5a
SHA1

ddbc511417206aa2c03765450bd134c33ebaf6d0
SHA256

4564f2542d0e8e730e454077560c9b275b1cc20a3026cf82983280352a4a0ed8
SHA512

2949295aed4e8e41078706d45a8db4fd3aec8c9e79519e34831fe3ea7f58dc775eb1eb8e55b5f565c79f6cd672b0bc148002cfa61e77044b716cf0f2a8d41006
SSDEEP

6144:eV59q0n9IAFyesTY2VJlE1HcWYMIPitq7N1ufilHn7ZQay:eV5c0nSAFOTZVE1HZeufitn5

Score

10^/10

Family

rhadamanthys

http://179.43.142.201/img/favicon.png

Detect rhadamanthys stealer shellcode 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1352-59-0x00000000002D0000-0x00000000002EC000-memory.dmp	family_rhadamanthys
behavioral1/memory/1352-61-0x00000000002D0000-0x00000000002EC000-memory.dmp	family_rhadamanthys
behavioral1/memory/1352-62-0x00000000002D0000-0x00000000002EC000-memory.dmp	family_rhadamanthys
behavioral1/memory/1352-65-0x00000000002D0000-0x00000000002EC000-memory.dmp	family_rhadamanthys

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys

C:\Users\Admin\AppData\Local\Temp\4564f2542d0e8e730e454077560c9b275b1cc20a3026cf82983280352a4a0ed8.exe
"C:\Users\Admin\AppData\Local\Temp\4564f2542d0e8e730e454077560c9b275b1cc20a3026cf82983280352a4a0ed8.exe"
1⤵
PID:1352

memory/1352-55-0x00000000002A0000-0x00000000002CE000-memory.dmp

Filesize
184KB

Download
memory/1352-56-0x0000000000400000-0x0000000000809000-memory.dmp

Filesize
4.0MB

Download
memory/1352-59-0x00000000002D0000-0x00000000002EC000-memory.dmp

Filesize
112KB

Download
memory/1352-60-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1352-61-0x00000000002D0000-0x00000000002EC000-memory.dmp

Filesize
112KB

Download
memory/1352-62-0x00000000002D0000-0x00000000002EC000-memory.dmp

Filesize
112KB

Download
memory/1352-63-0x0000000000400000-0x0000000000809000-memory.dmp

Filesize
4.0MB

Download
memory/1352-65-0x00000000002D0000-0x00000000002EC000-memory.dmp

Filesize
112KB

Download