Overview

overview

10

Static

static

3

dfd8d0b216...1f.exe

windows7-x64

10

dfd8d0b216...1f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    01-05-2023 18:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dfd8d0b2166a7bb659d3c76b569547d7942866601aab9699b4327f3278cf781f.exe

  • Size

    338KB

  • MD5

    edf72fa150d73324f7a9178d1c2d5186

  • SHA1

    a751299d5283cae65729bdd9c7b676144da24448

  • SHA256

    dfd8d0b2166a7bb659d3c76b569547d7942866601aab9699b4327f3278cf781f

  • SHA512

    1ceed3bdaaf8e304dafc564a5851c8d515dcb5ce2cc7937ceb7e06981239a3b589a2b7471a41767c6978a40904f5c8f1c9d12b510ff02cd9576b371d566e7ac9

  • SSDEEP

    6144:81AqkRvHgci0Z/pIcwxd7fVu3L91GcAySqOE:81h+vHVpq7fVG91G5ySNE

Score
10/10
rhadamanthysstealer

Malware Config

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Signatures

  • Detect rhadamanthys stealer shellcode 4 IoCs
  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

Processes

  • C:\Users\Admin\AppData\Local\Temp\dfd8d0b2166a7bb659d3c76b569547d7942866601aab9699b4327f3278cf781f.exe
    "C:\Users\Admin\AppData\Local\Temp\dfd8d0b2166a7bb659d3c76b569547d7942866601aab9699b4327f3278cf781f.exe"
    1⤵
      PID:1316

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1316-55-0x00000000003A0000-0x00000000003CE000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1316-56-0x0000000000400000-0x00000000007FA000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1316-59-0x00000000003E0000-0x00000000003FC000-memory.dmp

      Filesize

      112KB

      Download

    • memory/1316-60-0x0000000000400000-0x00000000007FA000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1316-61-0x00000000003E0000-0x00000000003FC000-memory.dmp

      Filesize

      112KB

      Download

    • memory/1316-62-0x0000000000810000-0x0000000000811000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1316-63-0x00000000003E0000-0x00000000003FC000-memory.dmp

      Filesize

      112KB

      Download

    • memory/1316-65-0x00000000003E0000-0x00000000003FC000-memory.dmp

      Filesize

      112KB

      Download