Extracted

• • Target

    setup.msi

  • Size

    25.2MB

  • MD5

    9e10d740b32cd15a4fb9a947f911b924

  • SHA1

    6ed60f2f79f986cbf4cc6ab1076522b9c762c272

  • SHA256

    ce35819b8e52f92738534f2b0c0d468bdade96eba64a41915618ab11c04c994a

  • SHA512

    d793f50e6a417a8c75da3a3e809c9cb2d2724d92600e994a90c4198f47937ad462d1682a5277fcb3f0d6648fee2511a2b43c96ff96e8e6a7bec4e461b6bd7a08

  • SSDEEP

    393216:o+OBUMu/xfGNU/6EiKJ5q7cPYALEUEZZ5XXMHjmPaKshz8Rk3KRrREZ78t0N:o+FMSuNCXFYHnbBXHaJ8a3wrREit0

  Score

  10^/10

  persistenceprivilege_escalationrhadamanthysexecutionstealer

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2