rhadamanthys | dca16a0e7bdc4968f1988c2d38db133a0e742edf702c923b4f4a3c2f3bdaacf5[.]malz

General

Target

dca16a0e7bdc4968f1988c2d38db133a0e742edf702c923b4f4a3c2f3bdaacf5.malz
Size

149KB
MD5

221c3bf6b4e3c355fdce087122511fe4
SHA1

975c36eb0442edd4d42996a3dd554ab36f95ff55
SHA256

dca16a0e7bdc4968f1988c2d38db133a0e742edf702c923b4f4a3c2f3bdaacf5
SHA512

edacc09d25e4c9d1d19885abe2fea72aff44e75862d9c3f1aa158edf5c40d635551abb820e89533696a4e9f3664e45c18f112a2a81e94d3badf13ed0b5acbcb4
SSDEEP

3072:sY8Ah6pPHmZbnjL9/LZHR29C6BoFQ9QQMb7d2Y+lO662kosOgl7A8lhOlAETZeiS:h8AhKvmZbjL9/lHR29vkQ9lMUSnbOgl7

Score

10^/10

rhadamanthys

Malware Config

Extracted

Family

rhadamanthys

C2

http://116.202.18.132/blob/q3k6tk.xi8o

Signatures

Rhadamanthys family
rhadamanthys

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
dca16a0e7bdc4968f1988c2d38db133a0e742edf702c923b4f4a3c2f3bdaacf5.malz

Files

dca16a0e7bdc4968f1988c2d38db133a0e742edf702c923b4f4a3c2f3bdaacf5.malz
.exe windows:5 windows x86 arch:x86

94c0b269c3199cdb46193be30d20c93b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
IsBadCodePtr
GetModuleHandleA
VirtualQuery
GetSystemInfo
IsBadReadPtr
HeapCreate
ExitProcess
GetCommandLineA
IsBadStringPtrA
InterlockedIncrement
GetQueuedCompletionStatus
GetLastError
CloseHandle
CreateIoCompletionPort
GetTickCount
HeapFree
HeapReAlloc
HeapAlloc
lstrlenA
HeapDestroy

user32

IsDialogMessageW
ShowWindow
CreateDialogParamW
DrawTextW
PeekMessageW
TranslateMessage
DispatchMessageW

gdi32

CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgn
BitBlt
DeleteObject
DeleteDC
CreateBitmap

ole32

CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc

shell32

DragAcceptFiles
DragFinish
DragQueryFileW
CommandLineToArgvW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

AlphaBlend
GradientFill

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

94c0b269c3199cdb46193be30d20c93b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

shell32

comctl32

msimg32

winmm

winspool.drv

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 136KB - Virtual size: 135KB

.data Size: 512B - Virtual size: 236B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 136KB - Virtual size: 135KB

.data
Size: 512B - Virtual size: 236B