General

  • Target

    f617be25cb6b894df7c180f0ac4ac93aa26b808c2c6b69821546b29158dc2499.exe

  • Size

    11.6MB

  • Sample

    241013-1vrm6sveqj

  • MD5

    d1b974d3816357532a0de6b388c5c361

  • SHA1

    fef9e938027e649ebbcffb074c65d46b2d0a1621

  • SHA256

    f617be25cb6b894df7c180f0ac4ac93aa26b808c2c6b69821546b29158dc2499

  • SHA512

    c4025fd2cc9c08c7319fc9574913d793954ba93b01288a5f03cf12beeaa40617c182f850ab40c1be434c80024632f395a355622f1bc4d0ce4dae987d43868f35

  • SSDEEP

    196608:ik0gfc3haxZH+fiE1jlKkbSPSvFWuFBGFV42uL7L:ikhfcuZH+XKgHFW+BGFVE7L

Malware Config

Extracted

  • Family

    rhadamanthys

  • C2

    https://95.214.55.177:2474/fae624c5418d6/black.api

Targets

    • Target

      f617be25cb6b894df7c180f0ac4ac93aa26b808c2c6b69821546b29158dc2499.exe

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks