Extracted

• • Target

    2024-12-18_9c2607551dca3e6f1c3a245ac734ea4d_magniber_rhadamanthys

  • Size

    17.1MB

  • MD5

    9c2607551dca3e6f1c3a245ac734ea4d

  • SHA1

    1d01ee2c83bbd18caa66f8c2b6814afa8bdcc6c1

  • SHA256

    f263cbd36fdf367fc9ef32bd9f80f0f459a0a09a5aff4a8f387e771ae20d31b0

  • SHA512

    17b7e59eb5a2d7108d2cdd23c1688de91b57c1505a5eef4fe3a0aa6921888f149dfdc072b90161640454ffce1420a652fa146c2fff9d95cb75f02bf83fde1752

  • SSDEEP

    393216:wIYI8MniGGWJ1o1AQmdcpR70nx+lml4muzstkuvpSeCC6QWFjTCMaYRK9g:QlfjlK9

  Score

  10^/10

  discoveryrhadamanthyspersistencestealer

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • Rhadamanthys family

    rhadamanthys

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2