rhadamanthys | test[.]bin | Triage

Sharing

General

Target

test.bin
Size

437KB
MD5

0cfc0309bcf83d589d9ebdb1a84fe2f1
SHA1

f6cd1d5e7390de8a24398a79209d1a8ce2726647
SHA256

b1be23345dbd3740f9ef660fe23471ee12889cf341c12b1067a2edcac2f74fef
SHA512

ca1a702bf8b46cf07ddf3aa89f8c96208093bfd2bb56b9d87db6fca3bda416bcad14262fbcb6e228763fd64a8d162422afa2010d14b723fd37f4479096ab0b40
SSDEEP

12288:BuZZani4FaYkizhRpfX54K+uiE8fZzhzJA:B+ZIi4Z95/54K+uiE8hd

Score

10^/10

rhadamanthys

Malware Config

Extracted

Family

rhadamanthys

C2

https://deadmunky.nl:3715/b607677f1d5be7bf651f2/anu9bil9.9ux15

Signatures

Rhadamanthys family
rhadamanthys
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

test.bin

Files

test.bin
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ