MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 155f53209e7e4aacf1efb3c929a2aaa659f98f9dd3ff703d0eed9ff7379a7da3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Rhadamanthys


Vendor detections: 16


Intelligence 16 IOCs YARA 7 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 155f53209e7e4aacf1efb3c929a2aaa659f98f9dd3ff703d0eed9ff7379a7da3
SHA3-384 hash: 18f63367cd73015e608a1f30847de961f9eeec0f661b7d85e184b0bca0f8972c852b327f74ebe8a645c0d31250de7f01
SHA1 hash: cc2b3caae9c313ebbb3d204818bfbc9ca8279c1d
MD5 hash: 2a31de1cd1a8bf98ccb05f8315cf5d0d
humanhash: enemy-twenty-stairway-wisconsin
File name:SecuriteInfo.com.Win32.MalwareX-gen.36364973
Download: download sample
Signature Rhadamanthys
Create hunting rule
File size:892'416 bytes
First seen:2025-09-04 14:13:58 UTC
Last seen:2025-09-06 04:05:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7ccdf26f81c5c13d798e8a7ffab09084 (3 x Rhadamanthys, 1 x ValleyRAT)
ssdeep 24576:riC3U1b54oKouBSpjqxqS+qP/zMmLHu6P1fkXS:eJr4LoySBqxqS//zbHpfMS
Threatray 390 similar samples on MalwareBazaar
TLSH T17D150242B1C3B0B3FB9311301335E6B85D3EEA139B205EEB6184A63D5A717E24672779
TrID 49.9% (.EXE) Win64 Executable (generic) (10522/11/4)
21.3% (.EXE) Win32 Executable (generic) (4504/4/1)
9.6% (.EXE) OS/2 Executable (generic) (2029/13)
9.5% (.EXE) Generic Win/DOS Executable (2002/3)
9.4% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter SecuriteInfoCom
Tags:exe Rhadamanthys

Intelligence

File Origin
# of uploads :
10
# of downloads :
80
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
amadey
Create hunting rule
ID:
1
File name:
9b55f6144b096d141be338f36ad10386818e04ed8166899fbb3de0ac3f53b51c.zip
Verdict:
Malicious activity
Analysis date:
2025-09-04 13:35:55 UTC
Tags:
arch-exec auto amadey botnet stealer redline loader rdp
Link:
https://app.any.run/tasks/f8bbc7c4-8d66-4a30-a6bd-eba841fc69e6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/25061/
Detection(s):
SecuriteInfo.com.Win32.MalwareX-gen.36364973.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68b99ec7eb163e0ec1845599
Tags:
cobalt
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Verdict:
Malicious
Labled as:
Lazy.Generic
Link:
https://www.hybrid-analysis.com/sample/155f53209e7e4aacf1efb3c929a2aaa659f98f9dd3ff703d0eed9ff7379a7da3
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-09-04T10:27:00Z UTC
Last seen:
2025-09-04T10:27:00Z UTC
Hits:
~100
Detections:
Trojan.Win32.Agent.sb Trojan.Win64.SBEscape.sb Trojan.Win32.Strab.sb Trojan.Win32.Inject.sb Trojan.Win32.Crypt.sb VHO:Trojan-PSW.Win32.Convagent.gen Trojan-PSW.Win32.Crypt.if VHO:Trojan-PSW.Win32.Lumma.gen
Link:
https://opentip.kaspersky.com/155f53209e7e4aacf1efb3c929a2aaa659f98f9dd3ff703d0eed9ff7379a7da3/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/361c4012-579f-4493-b59c-9e7a56085975
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/155f53209e7e4aacf1efb3c929a2aaa659f98f9dd3ff703d0eed9ff7379a7da3
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/2a31de1cd1a8bf98ccb05f8315cf5d0d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/155f53209e7e4aacf1efb3c929a2aaa659f98f9dd3ff703d0eed9ff7379a7da3/
Verdict:
Malicious
Threat:
Family.LUMMA
Link:
https://tip.neiki.dev/file/155f53209e7e4aacf1efb3c929a2aaa659f98f9dd3ff703d0eed9ff7379a7da3
Threat name:
Win32.Trojan.LummaStealer
Create hunting rule
Status:
Malicious
First seen:
2025-09-04 12:18:35 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cvpvgie6pzfkz4ppwpestivkuzm7td452p7xapio5wp7on42pwrq._file
Verdict:
malicious
Label(s):
rhadamanthys
Create hunting rule
Similar samples:
018f9ba428f4e3360bb6ee7c42f5f475bda12ae71a430d603a4a5e8ea94fdcf9
Rhadamanthys
21410f2d5da769fab3f5c9d3d2f6aeec19d1f7b4d2a04e1370491aece6517a0a
Rhadamanthys
29ecf946a40c89dfae84770c96f483b151a636202ceaab43b1c8008f2adedbea
Rhadamanthys
7908c78041ece2129127d26500321b09f094e41c66f535454884bb4d79573b9b
Rhadamanthys
8b6cc989867108154391335d55fc5267007706203ca4eadab8ef5fe0cad10fbf
Rhadamanthys
925a447b319c05bc4ebe88b3a4404a84351e01026ef4de8d65bed475c9859be9
Rhadamanthys
a00f9b69f8250c86d0852c61a936f96372bd8c71fde6ddea492e3e2b8006ddea
Rhadamanthys
bad586a884eb7b1edcafc832a9ecf192e85b084d0e9b77423b9e5494ed7d44e2
Rhadamanthys
daa1e8c37f131efe55995260e3772db5bfe8d3d5c5c96d2adc7a55492aab0bae
Rhadamanthys
error
Rhadamanthys
+ 380 additional samples on MalwareBazaar
Result
Malware family:
rhadamanthys
Create hunting rule
Score:
  10/10
Tags:
family:rhadamanthys discovery stealer
Link:
https://tria.ge/reports/250904-rj8b4swvcy/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Deletes itself
Detects Rhadamanthys Payload
Rhadamanthys
Rhadamanthys family
Suspicious use of NtCreateUserProcessOtherParentProcess
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/948cbb6f-f47a-4f90-8bb6-796588616100
Unpacked files
SH256 hash:
155f53209e7e4aacf1efb3c929a2aaa659f98f9dd3ff703d0eed9ff7379a7da3
MD5 hash:
2a31de1cd1a8bf98ccb05f8315cf5d0d
SHA1 hash:
cc2b3caae9c313ebbb3d204818bfbc9ca8279c1d
Link:
https://www.unpac.me/results/ec615782-691c-4d96-96e8-71cb202d7108/
Malware family:
Rhadamanthys
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/155f53209e7e/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/155f53209e7e4aacf1efb3c929a2aaa659f98f9dd3ff703d0eed9ff7379a7da3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Rhadamanthys

Executable exe 155f53209e7e4aacf1efb3c929a2aaa659f98f9dd3ff703d0eed9ff7379a7da3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3617268/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/25061/

Comments