rhadamanthys | 9722d6334bdc365eadebe9e8ddac2eb0fe01fe1c82cf059f32e2e9e91948fc0d

Analysis

max time kernel
146s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-10-2024 10:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9722d6334bdc365eadebe9e8ddac2eb0fe01fe1c82cf059f32e2e9e91948fc0d.exe
Size

678KB
MD5

7286d3201342805034fb07a07675a630
SHA1

9bbd895e887afe9b5a2fa320ecc695189df9cc5e
SHA256

9722d6334bdc365eadebe9e8ddac2eb0fe01fe1c82cf059f32e2e9e91948fc0d
SHA512

64c549d4666704e604f7ce8d78deb848cefed34680f5b9e32a7ee009ff5c3d6505197132b97039e8842aa1836f2bddc0af95f4dd9e47aff340f620b48a85d55f
SSDEEP

12288:Af/1RgkVxftfwpdXO95bR0xJdur3P5tbM7YRX4pjERUho2s9Ca7ItJ:G1Rgkzlfwrsd0xJa3xu7YRX4pjMcsk9

Score

10^/10

rhadamanthys stealer

Malware Config

Signatures

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

9722d6334bdc365eadebe9e8ddac2eb0fe01fe1c82cf059f32e2e9e91948fc0d.exeopenwith.exe

pid	Process
3220	9722d6334bdc365eadebe9e8ddac2eb0fe01fe1c82cf059f32e2e9e91948fc0d.exe
3220	9722d6334bdc365eadebe9e8ddac2eb0fe01fe1c82cf059f32e2e9e91948fc0d.exe
3908	openwith.exe
3908	openwith.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

9722d6334bdc365eadebe9e8ddac2eb0fe01fe1c82cf059f32e2e9e91948fc0d.exe

description	pid	Process	procid_target
PID 3220 wrote to memory of 3908	3220	9722d6334bdc365eadebe9e8ddac2eb0fe01fe1c82cf059f32e2e9e91948fc0d.exe	85
PID 3220 wrote to memory of 3908	3220	9722d6334bdc365eadebe9e8ddac2eb0fe01fe1c82cf059f32e2e9e91948fc0d.exe	85
PID 3220 wrote to memory of 3908	3220	9722d6334bdc365eadebe9e8ddac2eb0fe01fe1c82cf059f32e2e9e91948fc0d.exe	85
PID 3220 wrote to memory of 3908	3220	9722d6334bdc365eadebe9e8ddac2eb0fe01fe1c82cf059f32e2e9e91948fc0d.exe	85

C:\Users\Admin\AppData\Local\Temp\9722d6334bdc365eadebe9e8ddac2eb0fe01fe1c82cf059f32e2e9e91948fc0d.exe
"C:\Users\Admin\AppData\Local\Temp\9722d6334bdc365eadebe9e8ddac2eb0fe01fe1c82cf059f32e2e9e91948fc0d.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3220
- C:\Windows\system32\openwith.exe
  "C:\Windows\system32\openwith.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3220-10-0x00007FF93A610000-0x00007FF93A8D9000-memory.dmp

Filesize
2.8MB

Download
memory/3220-3-0x0000000000F50000-0x0000000000F58000-memory.dmp

Filesize
32KB

Download
memory/3220-0-0x00007FF91EC93000-0x00007FF91EC95000-memory.dmp

Filesize
8KB

Download
memory/3220-15-0x00007FF91EC90000-0x00007FF91F751000-memory.dmp

Filesize
10.8MB

Download
memory/3220-19-0x00007FF91EC90000-0x00007FF91F751000-memory.dmp

Filesize
10.8MB

Download
memory/3220-5-0x000000001B6B0000-0x000000001BAB0000-memory.dmp

Filesize
4.0MB

Download
memory/3220-6-0x000000001B6B0000-0x000000001BAB0000-memory.dmp

Filesize
4.0MB

Download
memory/3220-7-0x00007FF91EC90000-0x00007FF91F751000-memory.dmp

Filesize
10.8MB

Download
memory/3220-8-0x00007FF93CEF0000-0x00007FF93D0E5000-memory.dmp

Filesize
2.0MB

Download
memory/3220-9-0x00007FF93C9A0000-0x00007FF93CA5E000-memory.dmp

Filesize
760KB

Download
memory/3220-2-0x00007FF91EC90000-0x00007FF91F751000-memory.dmp

Filesize
10.8MB

Download
memory/3220-1-0x0000000000690000-0x0000000000740000-memory.dmp

Filesize
704KB

Download
memory/3220-4-0x0000000002810000-0x0000000002820000-memory.dmp

Filesize
64KB

Download
memory/3908-16-0x00007FF93CEF0000-0x00007FF93D0E5000-memory.dmp

Filesize
2.0MB

Download
memory/3908-18-0x00007FF93A610000-0x00007FF93A8D9000-memory.dmp

Filesize
2.8MB

Download
memory/3908-20-0x000001758CAD0000-0x000001758CED0000-memory.dmp

Filesize
4.0MB

Download
memory/3908-21-0x000001758CAD0000-0x000001758CED0000-memory.dmp

Filesize
4.0MB

Download
memory/3908-22-0x000001758CAD0000-0x000001758CED0000-memory.dmp

Filesize
4.0MB

Download
memory/3908-17-0x00007FF93C9A0000-0x00007FF93CA5E000-memory.dmp

Filesize
760KB

Download
memory/3908-11-0x000001758AFD0000-0x000001758AFDA000-memory.dmp

Filesize
40KB

Download
memory/3908-14-0x000001758CAD0000-0x000001758CED0000-memory.dmp

Filesize
4.0MB

Download