Extracted

• • Target

    ram.exe

  • Size

    9.4MB

  • MD5

    ba0767946d9cac95fd727d7076c7fec1

  • SHA1

    31c713eabc90f61b44703a8d30e7ced6e2941f23

  • SHA256

    2853a61188b4446be57543858adcc704e8534326d4d84ac44a60743b1a44cbfe

  • SHA512

    cd9398e8319068d44149fad6329c788d83ff400be30d29b89f0151aabfd9b340c0beb6f2773f2530a098e0cd304990f919f7c84536d719f46650fe99766ef048

  • SSDEEP

    196608:1LX8vpjby5OkoeYXp0leGQ7WWb+6otLwGwP55ar9kCmlwe1Xf/Ohz2+lLqKj:1Ivxy58eYXm7Q7WWb+5L+5Mr9k3d1XfN

  Score

  10^/10

  hijackloaderrhadamanthysdiscoveryloaderstealer

  • Detects HijackLoader (aka IDAT Loader)

  • HijackLoader

    HijackLoader is a multistage loader first seen in 2023.

    loaderhijackloader

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Deletes itself

  • Suspicious use of SetThreadContext

  behavioral1