Extracted

• • Target

    2024-09-09_2bbf7b599379f1b579e8f865c808db33_poet-rat_snatch

  • Size

    7.8MB

  • MD5

    2bbf7b599379f1b579e8f865c808db33

  • SHA1

    68e1b1da4ee239290b6d5ee6d0d700ef57c7112d

  • SHA256

    84000ed58e1294bc3cdb7c26656be648081bf70d5d3ceba0cbb8717564f21899

  • SHA512

    26dbe131b72160bf40be48a84744ed74010e2e9c1b6e752f596b87a3d4d1f2d6f336bcd9b8f9c5173047568c0c50712f911946dd22eeeb3539c06f3c77b2a0cc

  • SSDEEP

    98304:EcBd3dhwdfiIXOZDrEfEMSFNc8HewP+zfUef0A3K6fTExWan1/:TldhwdfiIkD4fGNH+wMUs0AaIB

  Score

  10^/10

  rhadamanthysdiscoveryexecutionstealer

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Executes dropped EXE

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2