Extracted

• • Target

    ff5bef5bc6a37af813010fbf65b9f470N.exe

  • Size

    1.5MB

  • MD5

    ff5bef5bc6a37af813010fbf65b9f470

  • SHA1

    92a81390c6fc694b48364afcc8a9898e3600bc16

  • SHA256

    766d45108b453a7efb1c63a80bdfcd2784bbfb730fe5c0971ab68ebf3e345109

  • SHA512

    79991d76123f7f3f458c905e01e8fbb7cc621892b389fe97d7df0b7d804c16626404479e4422cebd7fa8fd0e25b7784884c38250e304327da643613620b4e064

  • SSDEEP

    24576:/8DpJCGFXLxo15Xyfsf+fee5p184Pr1HLOkVyLP7E8Lr19Ei+sh/7mFJ3ckEJ8:1TWfee5kerZLOkALP7fiiHhDisW

  Score

  10^/10

  rhadamanthysdiscoverypersistencestealer

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Adds Run key to start application

    persistence

  • Suspicious use of NtCreateThreadExHideFromDebugger

  behavioral1behavioral2