General

  • Target

    0949242082c2b9d1335b4116a3beb48762782560add525b894fa2a9aa136bd98.js

  • Size

    82KB

  • Sample

    241210-ckj9cavmcl

  • MD5

    03844efc838d98e3a3aa6f935a2ff1db

  • SHA1

    11c08db7fa610ff1a9e2bf7fb5e34015ceceec4f

  • SHA256

    0949242082c2b9d1335b4116a3beb48762782560add525b894fa2a9aa136bd98

  • SHA512

    a34ed6ea22b9f6c1ebbae01d15fec736612039b6ab2d45984ef65a5cf53046be44d5e97dbb160735634c2c18103f0751782db47e5f00ace65d73591d85128928

  • SSDEEP

    768:7AK3GmGyO9RsGGx5osXrmsGaO95b9iyCfxAO111y21NHvlZupREEpRfr5onZWRUX:GZeGX2unjA06

Malware Config

Extracted

Family

rhadamanthys

C2

https://185.196.8.68:9367/ab43097ee4f6e091aed46f79/88pw46v5.ki88g

Targets

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Rhadamanthys family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Deletes itself

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15