rhadamanthys | 03c72cfabace07b6787d2d1fd66d6d6d9a2fbcb74a827ca4ab7e59aba40cb306

Resubmissions

27-11-2024 09:56

25-11-2024 11:50

26-11-2023 16:38

max time kernel
314s
max time network
1593s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
26-11-2023 16:38

Target

Silver RAT.exe
Size

448KB
MD5

e1e28c3acf184aa364c9ed9a30ab7289
SHA1

1a173a6f4ec39fe467f1b4b91c9fad794167ac1c
SHA256

03c72cfabace07b6787d2d1fd66d6d6d9a2fbcb74a827ca4ab7e59aba40cb306
SHA512

e8d38c9a144b7f4531e617de45dc240042a7b9ce7dd5766eb2f763b505d9786acccf54f3a03ff3639c36c957e2d14d34b5b59196170eb1b6b5f17e8a417d6991
SSDEEP

6144:nC5hyUR+MhyfUj6qfoMXYfIrvQ/zabJzYbLkBWBXpMcwLbjJgSqtUg83T36XE24r:v+BoMmID/mQmpMcmSSIU16XE2e5L

Score

10^/10

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

Silver RAT.exe

description	pid	Process	procid_target
PID 4288 created 2968	4288	Silver RAT.exe	25

Deletes itself 1 IoCs

Processes:

dialer.exe

pid	Process
5016	dialer.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

Silver RAT.exedialer.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

Silver RAT.exe

description	pid	Process	procid_target
PID 4288 wrote to memory of 5016	4288	Silver RAT.exe	71
PID 4288 wrote to memory of 5016	4288	Silver RAT.exe	71
PID 4288 wrote to memory of 5016	4288	Silver RAT.exe	71
PID 4288 wrote to memory of 5016	4288	Silver RAT.exe	71
PID 4288 wrote to memory of 5016	4288	Silver RAT.exe	71

memory/4288-0-0x0000000001390000-0x0000000001418000-memory.dmp

Filesize
544KB

Download
memory/4288-1-0x0000000003F50000-0x0000000004350000-memory.dmp

Filesize
4.0MB

Download
memory/4288-2-0x0000000003F50000-0x0000000004350000-memory.dmp

Filesize
4.0MB

Download
memory/4288-3-0x0000000003F50000-0x0000000004350000-memory.dmp

Filesize
4.0MB

Download
memory/4288-4-0x00007FFD27EE0000-0x00007FFD280BB000-memory.dmp

Filesize
1.9MB

Download
memory/4288-5-0x0000000003F50000-0x0000000004350000-memory.dmp

Filesize
4.0MB

Download
memory/4288-7-0x0000000074990000-0x0000000074B52000-memory.dmp

Filesize
1.8MB

Download
memory/4288-10-0x0000000001390000-0x0000000001418000-memory.dmp

Filesize
544KB

Download
memory/5016-8-0x0000000000110000-0x0000000000119000-memory.dmp

Filesize
36KB

Download
memory/5016-12-0x0000000003E80000-0x0000000004280000-memory.dmp

Filesize
4.0MB

Download
memory/5016-13-0x00007FFD27EE0000-0x00007FFD280BB000-memory.dmp

Filesize
1.9MB

Download
memory/5016-16-0x00007FFD27EE0000-0x00007FFD280BB000-memory.dmp

Filesize
1.9MB

Download
memory/5016-14-0x0000000003E80000-0x0000000004280000-memory.dmp

Filesize
4.0MB

Download
memory/5016-17-0x0000000074990000-0x0000000074B52000-memory.dmp

Filesize
1.8MB

Download
memory/5016-18-0x0000000003E80000-0x0000000004280000-memory.dmp

Filesize
4.0MB

Download