rhadamanthys | 278bedf84a6b130e43377c771c2a5692aa1d6c1674db5df834928d7be3f8f25d

Analysis

max time kernel
209s
max time network
231s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2023 11:19

Target

278bedf84a6b130e43377c771c2a5692aa1d6c1674db5df834928d7be3f8f25d.exe
Size

376KB
MD5

c2ab62df8fdd118112d4ac446036cc9b
SHA1

1156aa3865d276af90f24481a203f2ce546797d4
SHA256

278bedf84a6b130e43377c771c2a5692aa1d6c1674db5df834928d7be3f8f25d
SHA512

910c6e191a630fd4f9bd580a5a9d77c6b7adad0f33a000905d90c77ab1f44d921319fd7664985650106bb27ea0d2a30e39b44074c2c77c19bab9bd6a6a3a1618
SSDEEP

6144:eSSXLV49Q0I5aL5osiw0RYuyroqQQR6FYU+87YKxfk+B/:eDBn0I52osi3aFoqUJ/7z/

Score

10^/10

Family

rhadamanthys

http://179.43.142.201/img/favicon.png

Detect rhadamanthys stealer shellcode 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1976-138-0x0000000002480000-0x000000000249C000-memory.dmp	family_rhadamanthys
behavioral1/memory/1976-141-0x0000000002480000-0x000000000249C000-memory.dmp	family_rhadamanthys
behavioral1/memory/1976-142-0x0000000002480000-0x000000000249C000-memory.dmp	family_rhadamanthys
behavioral1/memory/1976-143-0x0000000002480000-0x000000000249C000-memory.dmp	family_rhadamanthys

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys

C:\Users\Admin\AppData\Local\Temp\278bedf84a6b130e43377c771c2a5692aa1d6c1674db5df834928d7be3f8f25d.exe
"C:\Users\Admin\AppData\Local\Temp\278bedf84a6b130e43377c771c2a5692aa1d6c1674db5df834928d7be3f8f25d.exe"
1⤵
PID:1976

memory/1976-134-0x0000000002450000-0x000000000247E000-memory.dmp

Filesize
184KB

Download
memory/1976-135-0x0000000000400000-0x00000000006F8000-memory.dmp

Filesize
3.0MB

Download
memory/1976-138-0x0000000002480000-0x000000000249C000-memory.dmp

Filesize
112KB

Download
memory/1976-139-0x0000000000400000-0x00000000006F8000-memory.dmp

Filesize
3.0MB

Download
memory/1976-140-0x00000000008A0000-0x00000000008A2000-memory.dmp

Filesize
8KB

Download
memory/1976-141-0x0000000002480000-0x000000000249C000-memory.dmp

Filesize
112KB

Download
memory/1976-142-0x0000000002480000-0x000000000249C000-memory.dmp

Filesize
112KB

Download
memory/1976-143-0x0000000002480000-0x000000000249C000-memory.dmp

Filesize
112KB

Download