General

  • Target

    01a68fb30e8452e9d83c02f0fcba1086bd15855f7289e7ed23f6fecb29360b74

  • Size

    6KB

  • Sample

    230131-pw7v1agc57

  • MD5

    102bcd3075e9ac5f4f0b94af5884c22e

  • SHA1

    1091e0ccca98dbfc9a4c9da679afa93b886aeeeb

  • SHA256

    01a68fb30e8452e9d83c02f0fcba1086bd15855f7289e7ed23f6fecb29360b74

  • SHA512

    c33a5511eb4c262d1a13f09d7057773adc8b1500a3149d49c4d3fd6d50cd61c4eb75df8f06489e02eec43aa1ace7a3dc36de4b134cf3ec81a753769abaed79da

  • SSDEEP

    96:EyrsU9DOzDO3+LcgR9htkwF1ccDkw0thG93ozNt:dUD5LcwsFmq

Malware Config

Extracted

Family

purecrypter

C2

http://cleaning.homesecuritypc.com/packages/Vmmvxe.png

http://cleaning.homesecuritypc.com/packages/Cucymzfby.dll

http://cleaning.homesecuritypc.com/packages/Jrxpomjaswp.dat

http://cleaning.homesecuritypc.com/packages/Hwnoutrpb.dat

http://cleaning.homesecuritypc.com/packages/Exsywzh.png
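The hashes in the General section and the five C2 URLs above are the actionable indicators in this report. The Python below is an added example, not part of the sandbox output: it computes the four digests in one pass over a file and compares them with the report's values, and it classifies proxy-log URLs as an exact payload URL, another path on the same C2 host, or unrelated. The Squid-style log lines, the client addresses, the 203.0.113.10 peer address and the /packages/Other.dat path are constructed for the example; the hashes and URLs are copied from the report.

```python
"""IOC matching for the indicators in this report (added example, not sandbox output).

Two checks a responder would run with these indicators:
  1. compare a file's MD5/SHA1/SHA256/SHA512 with the report's hashes
  2. flag proxy-log requests to the PureCrypter C2 URLs, or to their host
"""
import hashlib
from urllib.parse import urlsplit

# Hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "102bcd3075e9ac5f4f0b94af5884c22e",
    "sha1": "1091e0ccca98dbfc9a4c9da679afa93b886aeeeb",
    "sha256": "01a68fb30e8452e9d83c02f0fcba1086bd15855f7289e7ed23f6fecb29360b74",
    "sha512": "c33a5511eb4c262d1a13f09d7057773adc8b1500a3149d49c4d3fd6d50cd61c4eb75df8f06489e02eec43aa1ace7a3dc36de4b134cf3ec81a753769abaed79da",
}

# C2 URLs copied from the report's Malware Config section.
C2_URLS = {
    "http://cleaning.homesecuritypc.com/packages/Vmmvxe.png",
    "http://cleaning.homesecuritypc.com/packages/Cucymzfby.dll",
    "http://cleaning.homesecuritypc.com/packages/Jrxpomjaswp.dat",
    "http://cleaning.homesecuritypc.com/packages/Hwnoutrpb.dat",
    "http://cleaning.homesecuritypc.com/packages/Exsywzh.png",
}


def _normalize(url):
    """Lower-case scheme and host and drop any explicit port; keep the path as-is,
    since the path is case-sensitive on the C2 side. Returns (normalized_url, host)."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    return f"{parts.scheme.lower()}://{host}{parts.path}", host


C2_NORMALIZED = {_normalize(u)[0] for u in C2_URLS}
C2_HOSTS = {_normalize(u)[1] for u in C2_URLS}


def _digest(chunks):
    """Feed every chunk to all four hash objects so the data is read only once."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data):
    return _digest([data])


def hash_file(path, chunk_size=1 << 20):
    with open(path, "rb") as fh:
        return _digest(iter(lambda: fh.read(chunk_size), b""))


def matching_algorithms(digests, iocs=REPORT_HASHES):
    """Algorithms whose digest equals the report's value; hex comparison is case-insensitive."""
    return sorted(name for name, value in digests.items()
                  if name in iocs and value.lower() == iocs[name].lower())


def check_file(path, iocs=REPORT_HASHES):
    return matching_algorithms(hash_file(path), iocs)


def classify_url(url):
    """'payload' for an exact C2 URL, 'host' for another path on a C2 host, None otherwise."""
    normalized, host = _normalize(url)
    if normalized in C2_NORMALIZED:
        return "payload"
    if host in C2_HOSTS:
        return "host"
    return None


# Constructed Squid native access.log lines (not from the report): timestamp, elapsed ms,
# client, result/status, bytes, method, URL, user, hierarchy/peer, content type.
# 203.0.113.10 is a documentation address and /packages/Other.dat is a made-up path.
SAMPLE_LOG = [
    "1675160401.123    250 10.0.0.21 TCP_MISS/200 6144 GET http://cleaning.homesecuritypc.com/packages/Vmmvxe.png - HIER_DIRECT/203.0.113.10 image/png",
    "1675160402.456     12 10.0.0.21 TCP_MISS/200 2048 GET http://cleaning.homesecuritypc.com/packages/Other.dat - HIER_DIRECT/203.0.113.10 application/octet-stream",
    "1675160403.789     40 10.0.0.33 TCP_HIT/200 5120 GET http://www.example.com/index.html - HIER_NONE/- text/html",
    "malformed line",
]


def scan_proxy_log(lines):
    """One hit per line whose URL is a C2 payload URL or sits on a C2 host."""
    hits = []
    for number, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) < 7:  # not a Squid native-format line; skip it rather than crash
            continue
        verdict = classify_url(fields[6])
        if verdict:
            hits.append({"line": number, "client": fields[2], "url": fields[6], "verdict": verdict})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['client']} -> {hit['url']} [{hit['verdict']}]")
```

A "host" verdict matters because loaders of this kind rotate payload file names on the same staging host, so the second constructed line (same host, unknown path) is still worth a look even though its URL is not in the report.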

Targets

    • Target

      01a68fb30e8452e9d83c02f0fcba1086bd15855f7289e7ed23f6fecb29360b74

    • Detect rhadamanthys stealer shellcode

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used to redirect a thread into injected code, as in process hollowing.

MITRE ATT&CK Enterprise v6
