rhadamanthys | 99bd6ee7da4edad447fba55a6b11538927013586ef617e70a0ff4765adae22db

Analysis

max time kernel
3s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
12-06-2024 02:52

Target

crack.exe
Size

479KB
MD5

eb580bc45a382527d2f1ff80c542bd9d
SHA1

0b95c965fe80c9b9d9270be74817a8771bb02daa
SHA256

99bd6ee7da4edad447fba55a6b11538927013586ef617e70a0ff4765adae22db
SHA512

a3f4563d4ee61a0bdc612c849f13711af961514cbe3ce48ab9af0b905c8df278f470e902bc50b64d95055f2bd69fd288bba1dd0405caf9e4a42585cdf6b3e23c
SSDEEP

6144:pTNlPsSiE0grIlHAjNL7S8AtKZnbr8qz6xzS06d17GQxAAXcpGZ5wIzkyOD+lRXs:pFR0gsAjNL6tQbr8w6xely1JcXgDsLm

Score

10^/10

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys
Deletes itself 1 IoCs

Processes:

dialer.exe

pid process

1752 dialer.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

crack.exedialer.exe

pid process

2084 crack.exe
2084 crack.exe
1752 dialer.exe
1752 dialer.exe
1752 dialer.exe
1752 dialer.exe

pid	process
1752	dialer.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

crack.exe

description	pid	process	target process
PID 2084 wrote to memory of 1752	2084	crack.exe	dialer.exe
PID 2084 wrote to memory of 1752	2084	crack.exe	dialer.exe
PID 2084 wrote to memory of 1752	2084	crack.exe	dialer.exe
PID 2084 wrote to memory of 1752	2084	crack.exe	dialer.exe
PID 2084 wrote to memory of 1752	2084	crack.exe	dialer.exe

memory/1752-9-0x0000000000770000-0x0000000000779000-memory.dmp

Filesize
36KB

Download
memory/1752-17-0x0000000074710000-0x00000000748D2000-memory.dmp

Filesize
1.8MB

Download
memory/1752-15-0x00007FFB4E7E0000-0x00007FFB4E9BB000-memory.dmp

Filesize
1.9MB

Download
memory/1752-13-0x00000000045D0000-0x00000000049D0000-memory.dmp

Filesize
4.0MB

Download
memory/1752-12-0x00007FFB4E7E0000-0x00007FFB4E9BB000-memory.dmp

Filesize
1.9MB

Download
memory/2084-4-0x00007FFB4E7E0000-0x00007FFB4E9BB000-memory.dmp

Filesize
1.9MB

Download
memory/2084-0-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2084-8-0x0000000074710000-0x00000000748D2000-memory.dmp

Filesize
1.8MB

Download
memory/2084-6-0x00007FFB4E7E1000-0x00007FFB4E8EF000-memory.dmp

Filesize
1.1MB

Download
memory/2084-10-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2084-5-0x00000000031F0000-0x00000000035F0000-memory.dmp

Filesize
4.0MB

Download
memory/2084-3-0x00000000031F0000-0x00000000035F0000-memory.dmp

Filesize
4.0MB

Download
memory/2084-2-0x00000000031F0000-0x00000000035F0000-memory.dmp

Filesize
4.0MB

Download
memory/2084-1-0x00000000031F0000-0x00000000035F0000-memory.dmp

Filesize
4.0MB

Download