Extracted

• • Target

    d6ec984243c2f7d64fdb68dfc869db58.exe

  • Size

    9.5MB

  • MD5

    d6ec984243c2f7d64fdb68dfc869db58

  • SHA1

    c42b45be65803b5aac2f517cf1c08972567ea3ad

  • SHA256

    5aa1ff83735375676ef3d2261890a73a0bb55dc14527c36f56c485280c42d511

  • SHA512

    fd1834e21e68abab054b36f6064acdaa4409b57d90999b8f501a323a0185bdb5d2dfa2deffdd985d5911f4d584853ae76e3bfcda3a3bdf0ddd8dcdfc040d2c56

  • SSDEEP

    196608:N5PaXTK8B8hKljsx8YmGNTNFC0eoPa1AZiXNaaM7hZgLLTYZGq:NZCTK8B8qjsIGNBwcyxXNfM7huLg5

  Score

  10^/10

  rhadamanthysdiscoverypersistencestealer

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1