Extracted

• • Target

    b93f7881155103cb85a167145bbe594b.bin.exe

  • Size

    7.4MB

  • MD5

    4bbc93cc56bf15816d8ce4ddc23a6a17

  • SHA1

    d9f560d25157fc978c7b5c0f216c21958687a7d5

  • SHA256

    7716fc431a6486354a6f450cdd275e05c63ae8bb7614cf8ad4509e1c67427a95

  • SHA512

    46d359082e10b7c4b5b012678b99c8bb618b5190713aa9c7c972cef4bdec8a922bb3a30c4ef77b2d7b603e0c27cb64dd4312736c9c4830faa23a059e626a7152

  • SSDEEP

    98304:diMrdaUIJ3sxQvmzLvqwBOZTcjgxffDjqJbzEwqWfm1Rqvn:Yi68xQ+zLJOZwjgZ7CfaRSn

  Score

  10^/10

  hijackloaderrhadamanthysdiscoveryloaderstealer

  • Detects HijackLoader (aka IDAT Loader)

  • HijackLoader

    HijackLoader is a multistage loader first seen in 2023.

    loaderhijackloader

  • Hijackloader family

    hijackloader

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • Rhadamanthys family

    rhadamanthys

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Deletes itself

  • Suspicious use of SetThreadContext

  behavioral1behavioral2