Overview

overview

10

Static

static

10

6523.exe

windows7-x64

10

6523.exe

windows10-2004-x64

10

Amdau.exe

windows7-x64

10

Amdau.exe

windows10-2004-x64

10

CLEP.exe

windows7-x64

10

CLEP.exe

windows10-2004-x64

10

DCKA.exe

windows7-x64

10

DCKA.exe

windows10-2004-x64

10

DEV.exe

windows7-x64

10

DEV.exe

windows10-2004-x64

10

DEVMin.exe

windows7-x64

10

DEVMin.exe

windows10-2004-x64

10

DevSt.exe

windows7-x64

1

DevSt.exe

windows10-2004-x64

1

Documents-...uz.exe

windows7-x64

7

Documents-...uz.exe

windows10-2004-x64

5

IqXYLXKzl6.exe

windows7-x64

IqXYLXKzl6.exe

windows10-2004-x64

1

LEMON.exe

windows7-x64

10

LEMON.exe

windows10-2004-x64

10

LIMMin.exe

windows7-x64

10

LIMMin.exe

windows10-2004-x64

10

LIMSt.exe

windows7-x64

1

LIMSt.exe

windows10-2004-x64

1

LK2.exe

windows7-x64

10

LK2.exe

windows10-2004-x64

10

NINJA.exe

windows7-x64

7

NINJA.exe

windows10-2004-x64

7

PolymodXT.exe

windows7-x64

10

PolymodXT.exe

windows10-2004-x64

10

UM.exe

windows7-x64

10

UM.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    197s
  • max time network
    212s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2023, 02:17 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DEV.exe

  • Size

    179KB

  • MD5

    9775295a19eff01e8ccb2d7f5702569d

  • SHA1

    8b069c942631ac9b642031005ba20f03324ecc84

  • SHA256

    7aadc76471387981789a8aa1d2c34ed48b79f84febe3160feea5f32c4aaaceb7

  • SHA512

    fdc7ce7da4ca98aa67ea9652c13e1d316f4bad8f7ae07224754fdffc559fd93b3e5488aa13e622610c7b3db22261183bffedccde6a76147e5cfc898a0b5a3733

  • SSDEEP

    3072:bwevYpKTDMDUjfuuE46lC4PQyfHU6Ig4cjnjFRpbll/XbqefxlS3ETgmBN8vqI5L:sevY8mCu3wB4HzlrzPOefxoEBK7

Score
10/10
rhadamanthysstealer

Malware Config

Signatures

  • Detect rhadamanthys stealer shellcode 4 IoCs
  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

Processes

  • C:\Users\Admin\AppData\Local\Temp\DEV.exe
    "C:\Users\Admin\AppData\Local\Temp\DEV.exe"
    1⤵
      PID:2836

    Network

      No results found
    • 195.3.223.120:80
      DEV.exe
      104 B
       2
    • 195.3.223.120:80
      DEV.exe
      96 B
       2
    • 195.3.223.120:80
      DEV.exe
      104 B
       2
    • 195.3.223.120:80
      DEV.exe
      96 B
       2
    • 195.3.223.120:80
      DEV.exe
      104 B
       2
    No results found

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2836-1-0x0000000000810000-0x0000000000910000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2836-2-0x00000000000E0000-0x00000000000FC000-memory.dmp

      Filesize

      112KB

      Download

    • memory/2836-3-0x0000000000810000-0x0000000000910000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2836-4-0x0000000000120000-0x0000000000122000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2836-5-0x00000000000E0000-0x00000000000FC000-memory.dmp

      Filesize

      112KB

      Download

    • memory/2836-6-0x00000000000E0000-0x00000000000FC000-memory.dmp

      Filesize

      112KB

      Download

    • memory/2836-7-0x0000000000120000-0x0000000000122000-memory.dmp

      Filesize

      8KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.