rhadamanthys | 876c6f4d85012dc4c8a34598efe8f29c9f238a7b2a55444f45b062df258837ba | Triage

Sharing

General

Target

876c6f4d85012dc4c8a34598efe8f29c9f238a7b2a55444f45b062df258837ba
Size

437KB
MD5

2d5e47d6206c3f30d06eb38e118f5868
SHA1

5f7cd59b6254a6fe1dfbc4d56cc689deb66a32bf
SHA256

876c6f4d85012dc4c8a34598efe8f29c9f238a7b2a55444f45b062df258837ba
SHA512

d5d40e67f24fabc989ab7ac9627e4a2fea839a52e880a6f9db9982a26c9794c50be8e3be356df3a8c48b15f17364f1c0bb547bba89b9358776052f37aae99329
SSDEEP

12288:WuZZani4FaYkizhRpfX54K+uiE8fZzhzJA:W+ZIi4Z95/54K+uiE8hd

Score

10^/10

rhadamanthys

Malware Config

Extracted

Family

rhadamanthys

C2

https://deadmunky.nl:3715/b607677f1d5be7bf651f2/anu9bil9.9ux15

Signatures

Rhadamanthys family
rhadamanthys

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
876c6f4d85012dc4c8a34598efe8f29c9f238a7b2a55444f45b062df258837ba

Files

876c6f4d85012dc4c8a34598efe8f29c9f238a7b2a55444f45b062df258837ba
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ