General

  • Target

    406a4764d296c18cb477a8c3d1ae1a585207e701239533c01ecb4988ef8809a0.msi

  • Size

    2.5MB

  • Sample

    241019-bvzaksydnb

  • MD5

    e0808992ec58411df693995c7edae88c

  • SHA1

    00e02a807c815debbdfec793f785aaa4b7d1609e

  • SHA256

    406a4764d296c18cb477a8c3d1ae1a585207e701239533c01ecb4988ef8809a0

  • SHA512

    bf2a3eb0fbba84cfab2e04250a888a0bfbdac53d632ca77bbad23908eb93ec8a97bf14c41773276e47f7c202930153e29ce2fbd6f4600dd27da39ef6b2511ed2

  • SSDEEP

    49152:ZiSoOl+YyNuCClJkqr6zeM4I/157fW8KvK18hZ6/MJ5:Zt7+YJCCvkP4Id59KvKiZCMf

Malware Config

Extracted

Family

rhadamanthys

C2

https://193.201.9.187:2049/702b68a7ca7f5b9/kep2tv4g.ckevt

Targets

    • Target

      406a4764d296c18cb477a8c3d1ae1a585207e701239533c01ecb4988ef8809a0.msi

    • Size

      2.5MB

    • MD5

      e0808992ec58411df693995c7edae88c

    • SHA1

      00e02a807c815debbdfec793f785aaa4b7d1609e

    • SHA256

      406a4764d296c18cb477a8c3d1ae1a585207e701239533c01ecb4988ef8809a0

    • SHA512

      bf2a3eb0fbba84cfab2e04250a888a0bfbdac53d632ca77bbad23908eb93ec8a97bf14c41773276e47f7c202930153e29ce2fbd6f4600dd27da39ef6b2511ed2

    • SSDEEP

      49152:ZiSoOl+YyNuCClJkqr6zeM4I/157fW8KvK18hZ6/MJ5:Zt7+YJCCvkP4Id59KvKiZCMf

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks