Extracted

• • Target

    b936853a0c50a0cd0bc8b33103b55bd88e19c6c28768d990b954c11d714286ca

  • Size

    1.9MB

  • MD5

    8f4e17608aa8b1678f9c810ba1df77ee

  • SHA1

    5df6dd26be208d81f626c86db9b388d46e7577e5

  • SHA256

    b936853a0c50a0cd0bc8b33103b55bd88e19c6c28768d990b954c11d714286ca

  • SHA512

    cab27d97c78630f194bff6d87f4a0b7e2f28e4795d1c516e85906079708b456af845cc01575620b0067b7a5a95040b73eb56f7bf53c7d3f719dea4fc695ff8bc

  • SSDEEP

    49152:zdALA+rMVL7LZLOkALP7fiKHnMDpNU0pixrJpI2s2ey5SDjgsWlWOS3lXF5uA6WH:zqAj7Lkkk7Hxs

  Score

  10^/10

  rhadamanthysdiscoverypersistencestealer

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • Rhadamanthys family

    rhadamanthys

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Adds Run key to start application

    persistence

  • Suspicious use of NtCreateThreadExHideFromDebugger

  behavioral1behavioral2