rhadamanthys | 1620-48-0x0000000000400000-0x000000000046D000-memory[.]dmp | Triage

Sharing

General

Target

1620-48-0x0000000000400000-0x000000000046D000-memory.dmp
Size

436KB
MD5

8996938d4811f3cf8faba5b0ee7cca97
SHA1

d80d371909c9962b5a641483bccb4b2d1ae2a299
SHA256

6404ac4cac4d53dbbe19c6cef158ea1e2d1e263710058c140cee70b6881efacf
SHA512

0dc1e0591cf270e7f64c58d69eb32f0eb6bee0910a063d52c2b7e60aec54d321823c6dc9751b5dc429fa19f82f3cbc0c5d885d8fee06d47af55dd88a984c4070
SSDEEP

6144:g2qezd2ab1/RuHk+M3k8M3W7XomjOJCqshrOlumY6DMIewgxQfqJsb:gf2R/EEkCQFYDwRq+

Score

10^/10

rhadamanthys

Malware Config

Extracted

Family

rhadamanthys

C2

https://deadmunky.nl:5403/68efc67ee981034e6b329438/h7bgh43h.758up

Signatures

Rhadamanthys family
rhadamanthys

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1620-48-0x0000000000400000-0x000000000046D000-memory.dmp

Files

1620-48-0x0000000000400000-0x000000000046D000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ