Analysis
- max time kernel: 144s
- max time network: 151s
- platform: windows10-1703_x64
- resource: win10-20230220-en
- resource tags: arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 07-05-2023 02:01

Static task: static1
Behavioral task: behavioral1
- Sample: cfbb22ccceaa89c67a1139e72f65b1139c962ff4b8f6960389a58c5844d8e9dc.exe
- Resource: win10-20230220-en
General
- Target: cfbb22ccceaa89c67a1139e72f65b1139c962ff4b8f6960389a58c5844d8e9dc.exe
- Size: 370KB
- MD5: 08519d442427ddc963297f8424d8a07b
- SHA1: 28bc9f1191e9b03b85ccbce6a1984d957405499b
- SHA256: cfbb22ccceaa89c67a1139e72f65b1139c962ff4b8f6960389a58c5844d8e9dc
- SHA512: 726f4191e2de39c0bc8d9410921d33b71f2c75e1ee172e0da38e862050073c4ec47ea8168e4bf72eb5a5447057f5257f23f7217776b17b776fa0c78e632f38fd
- SSDEEP: 6144:3J+Zbjc2uQqCEJfzABdBtWtILy5HfOXghTGgsqWL:Zw/c2uQqjzUVgIu5H2XgMpPL
Malware Config
Extracted
- rhadamanthys: http://179.43.142.201/img/favicon.png
Signatures
- Detect rhadamanthys stealer shellcode (4 IoCs)
Processes:
resource                                                                       yara_rule
behavioral1/memory/1792-127-0x0000000000AB0000-0x0000000000ACC000-memory.dmp   family_rhadamanthys
behavioral1/memory/1792-128-0x0000000000AB0000-0x0000000000ACC000-memory.dmp   family_rhadamanthys
behavioral1/memory/1792-130-0x0000000000AB0000-0x0000000000ACC000-memory.dmp   family_rhadamanthys
behavioral1/memory/1792-132-0x0000000000AB0000-0x0000000000ACC000-memory.dmp   family_rhadamanthys
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/1792-122-0x0000000000830000-0x000000000085E000-memory.dmp
  Filesize: 184KB
- memory/1792-123-0x0000000000400000-0x00000000006DA000-memory.dmp
  Filesize: 2.9MB
- memory/1792-124-0x0000000000830000-0x000000000085E000-memory.dmp
  Filesize: 184KB
- memory/1792-127-0x0000000000AB0000-0x0000000000ACC000-memory.dmp
  Filesize: 112KB
- memory/1792-128-0x0000000000AB0000-0x0000000000ACC000-memory.dmp
  Filesize: 112KB
- memory/1792-129-0x00000000001F0000-0x00000000001F2000-memory.dmp
  Filesize: 8KB
- memory/1792-130-0x0000000000AB0000-0x0000000000ACC000-memory.dmp
  Filesize: 112KB
- memory/1792-131-0x0000000000400000-0x00000000006DA000-memory.dmp
  Filesize: 2.9MB
- memory/1792-132-0x0000000000AB0000-0x0000000000ACC000-memory.dmp
  Filesize: 112KB