rhadamanthys | e1439a6e07503da37e82957c7171c7567eeff71f312923fd1c14d598d9c6fa4b

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-10-2024 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1439a6e07503da37e82957c7171c7567eeff71f312923fd1c14d598d9c6fa4bN.exe
Size

781KB
MD5

8893d378c3cc09334f80bd7886926120
SHA1

7fd55045fe7f93814187b4f2c1885cf027caaed7
SHA256

e1439a6e07503da37e82957c7171c7567eeff71f312923fd1c14d598d9c6fa4b
SHA512

115115cfa372b4076c35a580c3821e3b46554902ef6568186169e16ecf70d4d1d9789f24f1b0f7d13ec0e87be5ddf3c195e67e11be160603f5833103c81d67d5
SSDEEP

24576:wdLziisXKKzyraHfaVd9Q2mfQEairKCGoQSqr1u2X2:wJmiKKKzyr2fahDmf4iuCGRSq

Score

10^/10

rhadamanthys stealer

Malware Config

Signatures

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 2356 created 1156	2356	e1439a6e07503da37e82957c7171c7567eeff71f312923fd1c14d598d9c6fa4bN.exe	20

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2356	e1439a6e07503da37e82957c7171c7567eeff71f312923fd1c14d598d9c6fa4bN.exe
2356	e1439a6e07503da37e82957c7171c7567eeff71f312923fd1c14d598d9c6fa4bN.exe
2724	dialer.exe
2724	dialer.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2724	2356	e1439a6e07503da37e82957c7171c7567eeff71f312923fd1c14d598d9c6fa4bN.exe	31
PID 2356 wrote to memory of 2724	2356	e1439a6e07503da37e82957c7171c7567eeff71f312923fd1c14d598d9c6fa4bN.exe	31
PID 2356 wrote to memory of 2724	2356	e1439a6e07503da37e82957c7171c7567eeff71f312923fd1c14d598d9c6fa4bN.exe	31
PID 2356 wrote to memory of 2724	2356	e1439a6e07503da37e82957c7171c7567eeff71f312923fd1c14d598d9c6fa4bN.exe	31
PID 2356 wrote to memory of 2724	2356	e1439a6e07503da37e82957c7171c7567eeff71f312923fd1c14d598d9c6fa4bN.exe	31

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1156
- C:\Users\Admin\AppData\Local\Temp\e1439a6e07503da37e82957c7171c7567eeff71f312923fd1c14d598d9c6fa4bN.exe
  "C:\Users\Admin\AppData\Local\Temp\e1439a6e07503da37e82957c7171c7567eeff71f312923fd1c14d598d9c6fa4bN.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2356
- C:\Windows\system32\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2356-13-0x0000000077310000-0x000000007742F000-memory.dmp

Filesize
1.1MB

Download
memory/2356-7-0x00000000009F0000-0x0000000000A00000-memory.dmp

Filesize
64KB

Download
memory/2356-2-0x00000000003D0000-0x00000000003D6000-memory.dmp

Filesize
24KB

Download
memory/2356-3-0x000007FEF5F90000-0x000007FEF697C000-memory.dmp

Filesize
9.9MB

Download
memory/2356-4-0x0000000000BF0000-0x0000000000CAC000-memory.dmp

Filesize
752KB

Download
memory/2356-5-0x00000000003E0000-0x00000000003E6000-memory.dmp

Filesize
24KB

Download
memory/2356-6-0x00000000009E0000-0x00000000009E8000-memory.dmp

Filesize
32KB

Download
memory/2356-9-0x000000001BC90000-0x000000001C090000-memory.dmp

Filesize
4.0MB

Download
memory/2356-8-0x000000001BC90000-0x000000001C090000-memory.dmp

Filesize
4.0MB

Download
memory/2356-10-0x000007FEF5F90000-0x000007FEF697C000-memory.dmp

Filesize
9.9MB

Download
memory/2356-11-0x000007FEF5F90000-0x000007FEF697C000-memory.dmp

Filesize
9.9MB

Download
memory/2356-1-0x0000000000EE0000-0x0000000000FAA000-memory.dmp

Filesize
808KB

Download
memory/2356-12-0x0000000077430000-0x00000000775D9000-memory.dmp

Filesize
1.7MB

Download
memory/2356-14-0x000007FEFD5A0000-0x000007FEFD60C000-memory.dmp

Filesize
432KB

Download
memory/2356-0-0x000007FEF5F93000-0x000007FEF5F94000-memory.dmp

Filesize
4KB

Download
memory/2356-18-0x000007FEF5F90000-0x000007FEF697C000-memory.dmp

Filesize
9.9MB

Download
memory/2724-19-0x0000000001C00000-0x0000000002000000-memory.dmp

Filesize
4.0MB

Download
memory/2724-24-0x0000000077431000-0x0000000077532000-memory.dmp

Filesize
1.0MB

Download
memory/2724-21-0x0000000077310000-0x000000007742F000-memory.dmp

Filesize
1.1MB

Download
memory/2724-20-0x0000000077430000-0x00000000775D9000-memory.dmp

Filesize
1.7MB

Download
memory/2724-23-0x0000000001C00000-0x0000000002000000-memory.dmp

Filesize
4.0MB

Download
memory/2724-22-0x000007FEFD5A0000-0x000007FEFD60C000-memory.dmp

Filesize
432KB

Download
memory/2724-15-0x0000000000060000-0x000000000006A000-memory.dmp

Filesize
40KB

Download
memory/2724-25-0x0000000001C00000-0x0000000002000000-memory.dmp

Filesize
4.0MB

Download