rhadamanthys | aef5c6fec5ea5f20f0e71f34d3777919[.]exe

Resubmissions

27-11-2024 10:02

241127-l2378ayngy 10

16-07-2023 01:10

230716-bjkcaacb72 10

Sharing

Copy URL

Twitter E-mail

General

Target

aef5c6fec5ea5f20f0e71f34d3777919.exe
Size

448KB
MD5

aef5c6fec5ea5f20f0e71f34d3777919
SHA1

013c70c60334495904fa1e83a129dd3c369e6acf
SHA256

01c7c28d8fcbded6bb906af11b34e65e19a71bc433fa3c8b5e615130f78028d5
SHA512

bd48e8ec604e074b759b1c08c9d1e6adb90da902b4f23b9f37210ec32183c22a53d0a571d3c46bf43c32f47debc47313c0c98136ac6bc55bf1004b41c19f2774
SSDEEP

6144:L/E8DIpjK28t4snQTlp3z/pSZ+pDKpf9EkQbKxVK+PXItNOapG8RuzRiRh3Zi:dEpj7snAv/cgu4VGn6OaM+ucj

Score

10^/10

rhadamanthys

Malware Config

Extracted

Family

rhadamanthys

https://45.12.253.92:7079/d93563d629a84c3/eig9lafq.2klt9

Signatures

Rhadamanthys family
rhadamanthys

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aef5c6fec5ea5f20f0e71f34d3777919.exe

Files

aef5c6fec5ea5f20f0e71f34d3777919.exe
.exe windows:4 windows x86 arch:x86

fd020041ed8eb76ffbdb414a8b3716f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
HeapCreate
VirtualQuery
OutputDebugStringA
WaitForSingleObject
HeapDestroy
CreateEventW
ExitProcess
WideCharToMultiByte
OutputDebugStringW
CreateFileW
ReadFile
CloseHandle
GetCurrentProcess
MultiByteToWideChar
GetModuleHandleW
InterlockedIncrement
GetModuleFileNameW
lstrlenW
HeapFree
MulDiv
GetProcessHeap
HeapAlloc
VirtualProtect
HeapSize
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
GetCurrentThreadId
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
TerminateProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

ReleaseDC
GetDC
GetSystemMetrics

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

gdi32

FillRgn
FillPath
SetBkMode
GetObjectType
TextOutW
PtVisible
CreateRectRgn
ExtCreatePen
CreateFontIndirectA
ExtCreateRegion
CreateRectRgnIndirect
CreateEnhMetaFileW
SetWorldTransform
CreatePatternBrush
PolyBezierTo
CreatePalette
GetWindowOrgEx
GetEnhMetaFileHeader
EndPath
CombineRgn
CombineTransform
Polyline
GetViewportOrgEx
Rectangle
GetClipRgn
IntersectClipRect
DPtoLP
GetDeviceCaps
CloseEnhMetaFile
GetROP2
Arc
Chord
GetTextColor
AbortDoc
GetObjectW
PtInRegion
RestoreDC
GetTextExtentExPointW
GetRgnBox
ResizePalette
Polygon
MaskBlt
EqualRgn
SetViewportOrgEx
SetDIBColorTable
GetTextExtentPoint32W
GetDIBits
OffsetRgn
PathToRegion
StartDocW
GetCurrentObject
SetGraphicsMode
LineTo
RectVisible
GetTextMetricsW
GetNearestColor
ExcludeClipRect
DeleteDC
SetMetaFileBitsEx
CreateSolidBrush
DeleteEnhMetaFile
GetBkColor
CreatePolygonRgn
SetMapMode
CreateFontIndirectW
EndDoc
GetWorldTransform
SelectPalette
GetCharacterPlacementW
CreateEllipticRgn
SetWindowExtEx
CopyEnhMetaFileW
GetMapMode
SetROP2
GetEnhMetaFileDescriptionW
BitBlt
SetBkColor
CreateMetaFileW
GetBkMode
SetWinMetaFileBits
CreateDIBSection
EnumFontsW
SelectObject
UnrealizeObject
StretchBlt
ArcTo
PolyBezier
MoveToEx
DeleteMetaFile
EndPage
SetDIBits
SetStretchBltMode
CreateCompatibleBitmap
BeginPath
CreatePen
GetBitmapBits
SetWindowOrgEx
RealizePalette
AngleArc
FrameRgn
CreateBitmap
SetRectRgn
GetStockObject
PlayEnhMetaFile
LPtoDP
GetWinMetaFileBits
GetClipBox
DeleteObject
GetRandomRgn
SetTextColor
SaveDC
CreateHalftonePalette
ExtFloodFill
CloseMetaFile
SetAbortProc
SetTextJustification
SetEnhMetaFileBits

winmm

sndPlaySoundW
timeGetTime

msimg32

GradientFill

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 324KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

fd020041ed8eb76ffbdb414a8b3716f2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

winmm

msimg32

Sections

.text Size: 108KB - Virtual size: 105KB

.rdata Size: 324KB - Virtual size: 322KB

.data Size: 4KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 324KB - Virtual size: 322KB

.data
Size: 4KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 5KB