Extracted

• • Target

    5c9f76f84adfb563c3073625481286cfb5059a05d12d635ee26e758c6c881a8a.exe

  • Size

    1.2MB

  • MD5

    428debead98e87580b9d650b373dc205

  • SHA1

    4965fb5c56de9a62f4eacf49ec9ff523500a31c7

  • SHA256

    5c9f76f84adfb563c3073625481286cfb5059a05d12d635ee26e758c6c881a8a

  • SHA512

    4637b63cd4efbb72fdc4b9be7b7346a7bdfb408faa218c2ba26e184902c4b93e1bae2bd5e083a9826529089012015839e276bc8c1a41d9f7e93621950f611899

  • SSDEEP

    12288:SvkKkPpLiD4PDM5nN9gSv6Xb2Q0dXyzFAFQgUB39MwT:AksDODM3v6b2QYyxAh4d

  Score

  10^/10

  discoverylummarhadamanthysstealer

  • Detects Rhadamanthys payload

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • Rhadamanthys family

    rhadamanthys

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Suspicious use of SetThreadContext

  behavioral1behavioral2