Extracted

• • Target

    c4542f600e2883dd58d8dc6753f40945.exe

  • Size

    7.3MB

  • MD5

    c4542f600e2883dd58d8dc6753f40945

  • SHA1

    a6a045a010ca258d4c8ad0fe08ceb378bea08bf6

  • SHA256

    7a83b820d1dc7794788ac1ce4f9165d2ba29fe33bf743d8316391244044e8d2d

  • SHA512

    1b310765a5267a886a590e1eeb1389c126d89f16b15abc197903ca40ff2fc4cec471d2b9c2e62f6d0111402c918d312fc7bfda1ec85d24cf5a6b24069d2fdacd

  • SSDEEP

    196608:leRYjLNtskrjbA1LTsTRUotGcbxw01XnqXoIX:lVLN7jbGUTRUUB1n

  Score

  10^/10

  rhadamanthysdiscoverypersistencestealer

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1