Extracted

• • Target

    cce988ce6f528e02009122396aa4149091dbee5fbe8bcaabffaaa88ae02b127a.exe

  • Size

    521KB

  • MD5

    068c05b9f062da142d266a374866d3bb

  • SHA1

    315726e1015e1e69cf9645bda713f463e93a8755

  • SHA256

    cce988ce6f528e02009122396aa4149091dbee5fbe8bcaabffaaa88ae02b127a

  • SHA512

    25358882e596ed9299ef714e2168a70e7bceace7fafc9f61e10e2fb58b480b97f31af86ef08e553cfe69546aa8b056b09df696d5fa9e07e2784392e8bbd87156

  • SSDEEP

    12288:xfL5njsVlNucSkkMxi+FAbPr+rr6K+u03mlw0lsp5ie:xfL5njMnOMxw26KY3t0lOAe

  Score

  10^/10

  discoveryexecutionrhadamanthysstealer

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • Rhadamanthys family

    rhadamanthys

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Suspicious use of SetThreadContext

  behavioral1behavioral2

• • Target

    ⠨/start.vbs

  • Size

    231B

  • MD5

    abe1dd23ab4c11aae54f1898c780c0b5

  • SHA1

    bb2f974b3e0af2baa40920b475582bfd4fb28001

  • SHA256

    89054e19532a9a62ca3403a8899495bf6f06557ff886b475a04227eb8aba7b12

  • SHA512

    e9ec437a32301078ea69ce2f36dadab68315d5e56d94c4d579d3409ccbe0c9e00c3aed7baa0fa6d656fb8ed23213f4c01fb2d108c1a0ed11c58c76cd00f9a99d

  Score

  1^/10
  behavioral3behavioral4

• • Target

    ⠨/temp.bat

  • Size

    545KB

  • MD5

    1ab2d7cc96ad2b86edf74d5497b45def

  • SHA1

    baac72428aaff76788b6e0056b720c6920d0e6f8

  • SHA256

    1e23a11308681733cff73f23933670c4350cec867042bbe5f7ff54a6dcc1dd83

  • SHA512

    8b5a456b4a4c97e28b6e90735eb9a006e8afbcd3d588e04b7bd3ab24e20ef80e37cc08412cc421c0f465c148f5b1c181ea798585865bd82f9861c1a7351194a1

  • SSDEEP

    12288:pXL/2B/pCj7B4yHitIswk1Z4+zES361vtspCHXVX+NaD4ZELB9R3:pXL/2TC/BdHPswStESqBHFONe5X3

  Score

  1^/10
  behavioral5behavioral6