Extracted

• • Target

    ad8a68b30eb57f68ac5114c34d84977986b8a1a861ea1510275ca9135ab69c27.exe

  • Size

    2.4MB

  • MD5

    ee0a93c22584233cc9faf75b7b49bb78

  • SHA1

    a31b0ac14c81447b71524e2815be43d9a55ea9f1

  • SHA256

    ad8a68b30eb57f68ac5114c34d84977986b8a1a861ea1510275ca9135ab69c27

  • SHA512

    9fab2820bdb0a4e423f66c43105fc1f447d429b6ae525359f0977d034b562ca1a408e728324335f5aced12edd2135660711dd865b3c5fa641b57a02055ee170c

  • SSDEEP

    49152:+pz3Cy3BkrhfRAXMSxDw7DDCDbNV2ZGomxwF2Nz2k+IsvOYIiPcT:+pey3BkrZRAXMwDuDeh4ZGXeUMSevI9

  Score

  10^/10

  rhadamanthysdiscoverystealer

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2