Analysis
Max time kernel: 150s
Max time network: 154s
Platform: windows7_x64
Resource: win7-20230220-en
Resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
Submitted: 07-05-2023 09:34
Static task: static1
Behavioral task: behavioral1
  Sample: 08519d442427ddc963297f8424d8a07b.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 08519d442427ddc963297f8424d8a07b.exe
  Resource: win10v2004-20230221-en
General
Target: 08519d442427ddc963297f8424d8a07b.exe
Size: 370KB
MD5: 08519d442427ddc963297f8424d8a07b
SHA1: 28bc9f1191e9b03b85ccbce6a1984d957405499b
SHA256: cfbb22ccceaa89c67a1139e72f65b1139c962ff4b8f6960389a58c5844d8e9dc
SHA512: 726f4191e2de39c0bc8d9410921d33b71f2c75e1ee172e0da38e862050073c4ec47ea8168e4bf72eb5a5447057f5257f23f7217776b17b776fa0c78e632f38fd
SSDEEP: 6144:3J+Zbjc2uQqCEJfzABdBtWtILy5HfOXghTGgsqWL:Zw/c2uQqjzUVgIu5H2XgMpPL
Malware Config
Extracted family: rhadamanthys
Extracted URL: http://179.43.142.201/img/favicon.png
Signatures
Detect rhadamanthys stealer shellcode (4 IoCs)
Processes (resource / yara_rule):
  behavioral1/memory/1736-59-0x00000000001C0000-0x00000000001DC000-memory.dmp / family_rhadamanthys
  behavioral1/memory/1736-61-0x00000000001C0000-0x00000000001DC000-memory.dmp / family_rhadamanthys
  behavioral1/memory/1736-62-0x00000000001C0000-0x00000000001DC000-memory.dmp / family_rhadamanthys
  behavioral1/memory/1736-65-0x00000000001C0000-0x00000000001DC000-memory.dmp / family_rhadamanthys
Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.