Extracted

• • Target

    view

  • Size

    83KB

  • MD5

    ea11b9f8283f67be10f3c70d5f5fa778

  • SHA1

    dbcbab7679ea4f1956072f69b16279f78af1a39a

  • SHA256

    19deb2fb64f5f87160e3608268f86803ea624a5433b52e572e9392905ed0c434

  • SHA512

    f00ca799e88e20588dc60c26e392c3b1dfd0446cbaa128dd68a126b9ab11bdcf2181b87be040a9b3e765f9f1e301fd904e3867f33847a9d71f182b20a0991b1d

  • SSDEEP

    1536:NbuBJO8zzNVpnLnTMxDfnr/O9DwCIM4tWR+13C:wBUgIxDab5

  Score

  10^/10

  rhadamanthysstealer

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1