General

  • Target

    1e064eddcda0b1a5a6d864b79d91bf26.exe

  • Size

    1.5MB

  • Sample

    240829-glbqtawgpd

  • MD5

    1e064eddcda0b1a5a6d864b79d91bf26

  • SHA1

    dd50f163bdade043b2f9845e481ae7debcceaa4d

  • SHA256

    28319673d8f382142e223302ede1e0e497ccac2cd7a9814715726335e78c29c7

  • SHA512

    87b0b37a13fbf79316c150f0e69525703888f28312c8efcd8ac2db8832e6385dabd04261a86d8f183a20e64dea12d4a0fb07c81536b6f2c5726847f8e654347c

  • SSDEEP

    24576:GzZTGqTlTTuRQghvPWL5zLntgJET0uItpLkzX7kBJGypqL9HFmsFmFd:GgkTTuxpWLBnGJEgaYBJgHFxmFd

Malware Config

Extracted

Family

rhadamanthys

C2

https://172.236.107.96/5502b8a765a7d7349/0d2mumm6.wcnlc
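The report gives file hashes (General section above) and an extracted C2 URL. The following is an added example, not part of the sandbox report, showing how a practitioner would turn those indicators into checks: recompute the four listed digests for a file and see which agree with the sample, split the C2 URL into the fields a proxy or firewall can match on, and grade key=value proxy log lines against it. The log lines and their key=value format are constructed for the example; the "low" grade (HTTPS to a bare IP with no SNI) is a generic heuristic I added, not something the report states about this family.

```python
"""Turn the sandbox report's indicators into reusable checks (added example)."""
import hashlib
import ipaddress
import re
from typing import Optional
from urllib.parse import urlsplit

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "1e064eddcda0b1a5a6d864b79d91bf26",
    "sha1": "dd50f163bdade043b2f9845e481ae7debcceaa4d",
    "sha256": "28319673d8f382142e223302ede1e0e497ccac2cd7a9814715726335e78c29c7",
    "sha512": "87b0b37a13fbf79316c150f0e69525703888f28312c8efcd8ac2db8832e6385dabd04261a86d8f183a20e64dea12d4a0fb07c81536b6f2c5726847f8e654347c",
}
C2_URL = "https://172.236.107.96/5502b8a765a7d7349/0d2mumm6.wcnlc"

# Constructed proxy log lines (not from the report), key=value format assumed.
SAMPLE_LOG_LINES = [
    "2024-08-29T10:14:02Z client=10.0.0.12 dst=172.236.107.96:443 sni=- method=POST "
    "url=https://172.236.107.96/5502b8a765a7d7349/0d2mumm6.wcnlc status=200 bytes=1536",
    "2024-08-29T10:14:05Z client=10.0.0.12 dst=142.250.74.36:443 sni=www.google.com "
    "method=GET url=https://www.google.com/ status=200 bytes=4020",
    "2024-08-29T10:15:11Z client=10.0.0.33 dst=172.236.107.96:443 sni=- method=GET "
    "url=https://172.236.107.96/ status=404 bytes=210",
    "2024-08-29T10:16:40Z client=10.0.0.41 dst=203.0.113.5:443 sni=- method=GET "
    "url=https://203.0.113.5/update.bin status=200 bytes=88000",
]


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists, for a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matching_algorithms(observed: dict) -> list:
    """Algorithms on which `observed` agrees with the reported sample (case-insensitive).
    An empty list means no match; a single agreeing algorithm is already conclusive
    for a non-colliding hash like SHA-256."""
    return sorted(alg for alg, digest in SAMPLE_HASHES.items()
                  if observed.get(alg, "").lower() == digest)


def c2_indicators(url: str = C2_URL) -> dict:
    """Split the extracted C2 URL into the fields a network sensor can match on.
    The report's URL carries no explicit port, so the scheme default is used."""
    parts = urlsplit(url)
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port or (443 if parts.scheme == "https" else 80),
        "path": parts.path,
    }


def _is_literal_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


_KV = re.compile(r"(\w+)=(\S+)")


def classify_log_line(line: str, c2: Optional[dict] = None) -> Optional[str]:
    """Grade one key=value proxy log line against the C2 indicators.

    'high'   : the exact C2 host and path were requested
    'medium' : any request to the C2 host (path may differ between builds)
    'low'    : HTTPS to a literal IP with no SNI (generic heuristic, assumption)
    None     : nothing of interest
    """
    c2 = c2 or c2_indicators()
    fields = dict(_KV.findall(line))
    parts = urlsplit(fields.get("url", ""))
    host = parts.hostname or ""
    if host == c2["host"] and parts.path == c2["path"]:
        return "high"
    if host == c2["host"]:
        return "medium"
    if parts.scheme == "https" and _is_literal_ip(host) and fields.get("sni", "-") == "-":
        return "low"
    return None


def scan_logs(lines=SAMPLE_LOG_LINES) -> list:
    """Return (line_index, grade) for every line that matched something."""
    c2 = c2_indicators()
    hits = []
    for i, line in enumerate(lines):
        grade = classify_log_line(line, c2)
        if grade:
            hits.append((i, grade))
    return hits


if __name__ == "__main__":
    print("reported hashes self-check:", matching_algorithms(SAMPLE_HASHES))
    print("C2 fields:", c2_indicators())
    for idx, grade in scan_logs():
        print(f"line {idx}: {grade} -> {SAMPLE_LOG_LINES[idx]}")
```

Matching on the bare C2 IP rather than only the full URL is deliberate: the path component is per-sample configuration and may differ between builds, whereas the host is what the extracted config pins down. The "low" tier exists to surface look-alike traffic for triage, not to alert on its own.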

Targets

    • Target

      1e064eddcda0b1a5a6d864b79d91bf26.exe

    • Size

      1.5MB

    • MD5

      1e064eddcda0b1a5a6d864b79d91bf26

    • SHA1

      dd50f163bdade043b2f9845e481ae7debcceaa4d

    • SHA256

      28319673d8f382142e223302ede1e0e497ccac2cd7a9814715726335e78c29c7

    • SHA512

      87b0b37a13fbf79316c150f0e69525703888f28312c8efcd8ac2db8832e6385dabd04261a86d8f183a20e64dea12d4a0fb07c81536b6f2c5726847f8e654347c

    • SSDEEP

      24576:GzZTGqTlTTuRQghvPWL5zLntgJET0uItpLkzX7kBJGypqL9HFmsFmFd:GgkTTuxpWLBnGJEgaYBJgHFxmFd

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (refusing to run in certain countries).

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks