General

  • Target

    ee5e15f0a5d97e1c50e1b74e2856852979d7018e559635d2dd2bf93504cd0817.exe

  • Size

    24.4MB

  • Sample

    241004-cpxegashmf

  • MD5

    a2409ced4e462f3a09540fc3f9bc2c72

  • SHA1

    9b87fc0e83dfb069170cb8e4fda8e5dac36fa458

  • SHA256

    ee5e15f0a5d97e1c50e1b74e2856852979d7018e559635d2dd2bf93504cd0817

  • SHA512

    07f4a9bc4b5cb4d72dc9dddd8965a94556d3c97fa6bd9a2f1cf2bddc54b83768acdc8ebcdca1ee774702c5cb80cc2e2d898c98764a16697b898488a5bbb5c498

  • SSDEEP

    393216:0T0WwBrLtviphyCNYsB0a6/PRGTUJO/klUROsvsZdZJMZ:0Iviphy0yD/PkTUmw4vwdfMZ

Malware Config

  • Extracted

    Family: rhadamanthys

    C2: https://185.196.11.237:9697/f002171ab05c7/s7fxej1k.pmbis

Targets

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext
