MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09492c8a5138c3c1f00d19fa2e1b798f271e2730d74e9de69e926d5c0a92f64e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AdaptixC2


Vendor detections: 15


Intelligence 15 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 09492c8a5138c3c1f00d19fa2e1b798f271e2730d74e9de69e926d5c0a92f64e
SHA3-384 hash: 1e8e29a436b82a66d42a12e7eb58f698e2b61d5f100f544a7ea4774249307c37e22e3c1d28e965f5fbf7e52362aa18f6
SHA1 hash: b6f5fbafe39b635faa7421c2f5567b67d9c122b4
MD5 hash: 0dbaee8bcc15e1b4b424d07e8a4b8e4d
humanhash: mississippi-texas-social-butter
File name:0dbaee8bcc15e1b4b424d07e8a4b8e4d.exe
Download: download sample
Signature AdaptixC2
Create hunting rule
File size:176'304 bytes
First seen:2025-12-25 12:04:55 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c86a15ad8daa9fda8a1aa35746d80e0f (17 x AdaptixC2)
ssdeep 1536:5mjklNrqI1q3y2D79tGRh++TVSi6nYVa58po0e2/T20yZF+E+aD:sj2Kv+b81KSdZY6
Threatray 25 similar samples on MalwareBazaar
TLSH T177045236E6B3C46DC05FD634AF83A4B3B9F1BC5C4634651947C1A6223B5BD386BAE180
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10522/11/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter abuse_ch
Tags:AdaptixC2 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
107
Origin country :
SE SE
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
0dbaee8bcc15e1b4b424d07e8a4b8e4d.exe
Verdict:
No threats detected
Analysis date:
2025-12-25 12:07:13 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/41b3413c-bdca-441f-bba3-683fba41550d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/46028/
Detection(s):
Win.Malware.Adaptixc-10058672-0
Create hunting rule

Win.Trojan.AdaptixC2-10058663-0
Create hunting rule

Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=694d288701c7b4a8fe5593b0
Tags:
virus
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 mingw unsafe
Link:
https://www.filescan.io/uploads/694d2883e126b9ff4391056b/reports/2737e616-b1ea-4eba-8c96-7104ba592984/overview
Verdict:
Malicious
Labled as:
Trojan[Backdoor]/Win64.AdaptixC2
Link:
https://www.hybrid-analysis.com/sample/09492c8a5138c3c1f00d19fa2e1b798f271e2730d74e9de69e926d5c0a92f64e
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-12-18T18:22:00Z UTC
Last seen:
2025-12-27T03:25:00Z UTC
Hits:
~10
Detections:
HEUR:Backdoor.Win64.AdaptixC2.a Backdoor.Win64.AdaptixC2.sb
Link:
https://opentip.kaspersky.com/09492c8a5138c3c1f00d19fa2e1b798f271e2730d74e9de69e926d5c0a92f64e/results?tab=lookup
Malware family:
AdaptixC2
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3bb450b3-4807-4447-94e7-b0cfc37db465
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1839289
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1839289 Sample: RCS902am3k.exe Startdate: 25/12/2025 Architecture: WINDOWS Score: 48 17 Multi AV Scanner detection for submitted file 2->17 6 RCS902am3k.exe 2->6         started        process3 process4 8 WerFault.exe 19 16 6->8         started        11 WerFault.exe 16 6->11         started        file5 13 C:\ProgramData\Microsoft\...\Report.wer, Unicode 8->13 dropped 15 C:\ProgramData\Microsoft\...\Report.wer, Unicode 11->15 dropped
Score:
99%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/09492c8a5138c3c1f00d19fa2e1b798f271e2730d74e9de69e926d5c0a92f64e
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/0dbaee8bcc15e1b4b424d07e8a4b8e4d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/09492c8a5138c3c1f00d19fa2e1b798f271e2730d74e9de69e926d5c0a92f64e/
Verdict:
Malicious
Threat:
Family.ADAPTIXC2
Link:
https://tip.neiki.dev/file/09492c8a5138c3c1f00d19fa2e1b798f271e2730d74e9de69e926d5c0a92f64e
Threat name:
Win64.Trojan.Fragtor
Create hunting rule
Status:
Malicious
First seen:
2025-12-19 00:32:25 UTC
File Type:
PE+ (Exe)
AV detection:
17 of 24 (70.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bfeszcsrhdb4d4andh5c4g3zr4tr4jzq25hj3zu6sjwvycus6zha._file
Verdict:
malicious
Label(s):
adaptixc2
Create hunting rule
Similar samples:
09492c8a5138c3c1f00d19fa2e1b798f271e2730d74e9de69e926d5c0a92f64e
AdaptixC2
1c72af27762f9c18e927caea93182d1895086f7d64e2af6d0197984e5220ed8e
AdaptixC2
500896fbd343a7c713ddce1815d9827606edae3f81abf0fba68cb6b163ce0871
AdaptixC2
7e94fe9333f37a25dc0dd9491e29c04c68c5181618bc39ea5d9410d64f8b1459
AdaptixC2
a3afe77a546d43e2cbfb2475d08c67faa8c5fad832cd58c069dfd4b476b7031c
AdaptixC2
cc59222114d66968d342258240c9cd56b4182ea432952073359fec07c7cc4853
AdaptixC2
ddfa43064097e71896ee6d75af3bc211bdeb847da40849c2789339c06b048771
AdaptixC2
error
AdaptixC2
+ 15 additional samples on MalwareBazaar
Result
Malware family:
adaptixc2
Create hunting rule
Score:
  10/10
Tags:
family:adaptixc2 RAT backdoor trojan
Link:
https://tria.ge/reports/251225-n9aa8awna1/
Behaviour
AdaptixC2
Adaptixc2 family
Malware Config
C2 Extraction:
147.182.187.2:443
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/0a0f3143-d1f2-4a83-a454-c424855cd496
Unpacked files
SH256 hash:
09492c8a5138c3c1f00d19fa2e1b798f271e2730d74e9de69e926d5c0a92f64e
MD5 hash:
0dbaee8bcc15e1b4b424d07e8a4b8e4d
SHA1 hash:
b6f5fbafe39b635faa7421c2f5567b67d9c122b4
Link:
https://www.unpac.me/results/13154d35-6016-4b32-9e1a-b700bc5c1e15/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/09492c8a5138c3c1f00d19fa2e1b798f271e2730d74e9de69e926d5c0a92f64e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:pe_detect_tls_callbacks
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/46028/

Comments