Overview

overview

10

Static

static

3

SecuriteIn...80.exe

windows7-x64

10

SecuriteIn...80.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13-10-2023 03:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Heur.MSIL.Androm.1.11946.26080.exe

  • Size

    513KB

  • MD5

    89fe28686a81b90bf1f46b6d46251ce4

  • SHA1

    19f6a799b4777acf208926cee4913c0a889db72e

  • SHA256

    8e5f99b92349381fd772b1bdb18cce2c6595181fcad0f68de25593276d61620f

  • SHA512

    9cb0181a6a9e6a37c10a6acf9c172fd4130f4d476b76c3b97acc71c157c3d8135f42d1f2a10bb87d07ecf784d30e705dc071b5630705e9f939127762795d0dfc

  • SSDEEP

    12288:pX5JC7oT39ra0hI1iGKsHJwUJ10qx6qhE12:pLC7mtThIcGNSS1VY31

Score
10/10
rhadamanthysstealer

Malware Config

Signatures

  • Detect rhadamanthys stealer shellcode 7 IoCs
  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1180
      • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Heur.MSIL.Androm.1.11946.26080.exe
        "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Heur.MSIL.Androm.1.11946.26080.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2188
        • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Heur.MSIL.Androm.1.11946.26080.exe
          C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Heur.MSIL.Androm.1.11946.26080.exe
          3⤵
          • Suspicious use of NtCreateUserProcessOtherParentProcess
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1736
      • C:\Windows\system32\certreq.exe
        "C:\Windows\system32\certreq.exe"
        2⤵
        • Deletes itself
        • Suspicious behavior: EnumeratesProcesses
        PID:2668

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1736-24-0x0000000000400000-0x0000000000473000-memory.dmp

      Filesize

      460KB

      Download

    • memory/1736-10-0x0000000000400000-0x0000000000473000-memory.dmp

      Filesize

      460KB

      Download

    • memory/1736-37-0x0000000002180000-0x0000000002580000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1736-23-0x0000000002180000-0x0000000002580000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1736-36-0x0000000000400000-0x0000000000473000-memory.dmp

      Filesize

      460KB

      Download

    • memory/1736-34-0x00000000002A0000-0x00000000002D6000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1736-35-0x0000000002180000-0x0000000002580000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1736-28-0x00000000002A0000-0x00000000002D6000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1736-8-0x0000000000400000-0x0000000000473000-memory.dmp

      Filesize

      460KB

      Download

    • memory/1736-9-0x0000000000400000-0x0000000000473000-memory.dmp

      Filesize

      460KB

      Download

    • memory/1736-22-0x0000000002180000-0x0000000002580000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1736-11-0x0000000000400000-0x0000000000473000-memory.dmp

      Filesize

      460KB

      Download

    • memory/1736-25-0x0000000002180000-0x0000000002580000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1736-14-0x0000000000400000-0x0000000000473000-memory.dmp

      Filesize

      460KB

      Download

    • memory/1736-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1736-17-0x0000000000400000-0x0000000000473000-memory.dmp

      Filesize

      460KB

      Download

    • memory/1736-18-0x0000000000400000-0x0000000000473000-memory.dmp

      Filesize

      460KB

      Download

    • memory/1736-19-0x0000000000090000-0x0000000000097000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1736-20-0x0000000002180000-0x0000000002580000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1736-21-0x0000000002180000-0x0000000002580000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/2188-3-0x0000000002180000-0x00000000021F8000-memory.dmp

      Filesize

      480KB

      Download

    • memory/2188-4-0x0000000000630000-0x0000000000670000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2188-16-0x0000000074D90000-0x000000007547E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2188-0-0x0000000074D90000-0x000000007547E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2188-1-0x0000000000CF0000-0x0000000000D76000-memory.dmp

      Filesize

      536KB

      Download

    • memory/2188-2-0x0000000074D90000-0x000000007547E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2188-7-0x0000000000630000-0x0000000000670000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2188-6-0x0000000004BF0000-0x0000000004C3C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/2188-5-0x0000000004B80000-0x0000000004BE8000-memory.dmp

      Filesize

      416KB

      Download

    • memory/2668-39-0x0000000000120000-0x0000000000127000-memory.dmp

      Filesize

      28KB

      Download

    • memory/2668-45-0x000007FFFFE80000-0x000007FFFFFAF000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2668-26-0x0000000000060000-0x0000000000063000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2668-40-0x000007FFFFE80000-0x000007FFFFFAF000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2668-41-0x000007FFFFE80000-0x000007FFFFFAF000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2668-42-0x000007FFFFE80000-0x000007FFFFFAF000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2668-43-0x000007FFFFE80000-0x000007FFFFFAF000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2668-27-0x0000000000060000-0x0000000000063000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2668-47-0x000007FFFFE80000-0x000007FFFFFAF000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2668-48-0x000007FFFFE80000-0x000007FFFFFAF000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2668-49-0x000007FFFFE80000-0x000007FFFFFAF000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2668-50-0x0000000077B70000-0x0000000077D19000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2668-51-0x000007FFFFE80000-0x000007FFFFFAF000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2668-52-0x000007FFFFE80000-0x000007FFFFFAF000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2668-53-0x0000000077B70000-0x0000000077D19000-memory.dmp

      Filesize

      1.7MB

      Download