Extracted

• • Target

    29c6df4f70bc29919dba16a04c08800c.exe

  • Size

    1.5MB

  • MD5

    29c6df4f70bc29919dba16a04c08800c

  • SHA1

    0c6083da1f78d6d365138cc96724ee7f33b4b7de

  • SHA256

    7c86e8c4143be0e27af9558ca46b3b4d7c5bee5e58e18902757bc02f6a3863a2

  • SHA512

    30c9c7e62f8cb8d05e3dfcf0c526f9943fb648f91cd156a356550b0be326bde79bcfd638bd8b956577a0b8860eea186a4b80fab1b79deeee6a35515a927db666

  • SSDEEP

    49152:ETXLOO0MV8+2vk1rrts0LDAYjNxyBVQEBX9:EV0gVjrrtsMkYBxQVQEBX9

  Score

  10^/10

  rhadamanthysdiscoverystealer

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates processes with tasklist

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2