Analysis
-
max time kernel
209s -
max time network
231s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
07-05-2023 11:19
General
-
Target
278bedf84a6b130e43377c771c2a5692aa1d6c1674db5df834928d7be3f8f25d.exe
-
Size
376KB
-
MD5
c2ab62df8fdd118112d4ac446036cc9b
-
SHA1
1156aa3865d276af90f24481a203f2ce546797d4
-
SHA256
278bedf84a6b130e43377c771c2a5692aa1d6c1674db5df834928d7be3f8f25d
-
SHA512
910c6e191a630fd4f9bd580a5a9d77c6b7adad0f33a000905d90c77ab1f44d921319fd7664985650106bb27ea0d2a30e39b44074c2c77c19bab9bd6a6a3a1618
-
SSDEEP
6144:eSSXLV49Q0I5aL5osiw0RYuyroqQQR6FYU+87YKxfk+B/:eDBn0I52osi3aFoqUJ/7z/
Score
10/10
Malware Config
Extracted
Family
rhadamanthys
C2
http://179.43.142.201/img/favicon.png
Signatures
-
Detect rhadamanthys stealer shellcode 4 IoCs
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
Processes
-
C:\Users\Admin\AppData\Local\Temp\278bedf84a6b130e43377c771c2a5692aa1d6c1674db5df834928d7be3f8f25d.exe"C:\Users\Admin\AppData\Local\Temp\278bedf84a6b130e43377c771c2a5692aa1d6c1674db5df834928d7be3f8f25d.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1976-134-0x0000000002450000-0x000000000247E000-memory.dmpFilesize
184KB
-
memory/1976-135-0x0000000000400000-0x00000000006F8000-memory.dmpFilesize
3.0MB
-
memory/1976-138-0x0000000002480000-0x000000000249C000-memory.dmpFilesize
112KB
-
memory/1976-139-0x0000000000400000-0x00000000006F8000-memory.dmpFilesize
3.0MB
-
memory/1976-140-0x00000000008A0000-0x00000000008A2000-memory.dmpFilesize
8KB
-
memory/1976-141-0x0000000002480000-0x000000000249C000-memory.dmpFilesize
112KB
-
memory/1976-142-0x0000000002480000-0x000000000249C000-memory.dmpFilesize
112KB
-
memory/1976-143-0x0000000002480000-0x000000000249C000-memory.dmpFilesize
112KB