MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a674a9a0acf0532c3816df01af80e8a95fd7530a30ca31664cf82d4ce639a56. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	2a674a9a0acf0532c3816df01af80e8a95fd7530a30ca31664cf82d4ce639a56
SHA3-384 hash:	2876f26636c8c84e7e4f90243d3469aa41f6354c90c5c0919576fb21e612e0ba13e1191ced73604ba47f32bace420d29
SHA1 hash:	3f28dabcd78d1116e9d87e76ec45635ee6918d80
MD5 hash:	b360dddf2062b302452b29dfff343629
humanhash:	kansas-river-earth-nineteen
File name:	setup.exe
Download:	download sample
Signature	Rhadamanthys Alert Create hunting rule
File size:	406'528 bytes
First seen:	2023-04-02 01:03:37 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	bea0621f64bda454c259fb9cfcc3b2f2 (1 x TeamBot, 1 x Rhadamanthys)
ssdeep	3072:/+Kgs8LHQ+GRUqYVWFczDSYicP6hX60rV+E6B/F/UFVl8zSYWwHFfgF+exho6qta:Cs8TERSIvrcZB/AVKzFW6FIZUmYhOJK
Threatray	24 similar samples on MalwareBazaar
TLSH	T1B1849E0297A06831F6225A328F1FC2F43A1EBC629E357F9A1E4B7E7F0970171D161B25
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	01626e6a6a6a6a60 (11 x Smoke Loader, 11 x Rhadamanthys, 5 x RedLineStealer)
Reporter	Chainskilabs
Tags:	exe Rhadamanthys

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

284

Origin country :

US

Vendor Threat Intelligence

ANY.RUN Malicious

Malware family:

n/a

ID:

1

File name:

setup.exe

Verdict:

Malicious activity

Analysis date:

2023-04-02 01:04:57 UTC

Tags:

rhadamanthys

Link:

https://app.any.run/tasks/fd0b7f21-7bda-4274-90bd-fa88e36e9992

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox Rhadamanthys

Detection:

Rhadamanthys

Alert

Create hunting rule

Link:

https://www.capesandbox.com/analysis/379274/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Win32.Trojan.PSE.1Y731WE.25522.1566.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a custom TCP request

Сreating synchronization primitives

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

azorult greyware lockbit packed

Link:

https://www.filescan.io/uploads/6428d485a820cb485f19f0f8/reports/8ed73361-a12c-4d96-9d6b-a3562a7d8402/overview

Hybrid Analysis Malware

Verdict:

Malicious

Labled as:

Malware

Link:

https://www.hybrid-analysis.com/sample/2a674a9a0acf0532c3816df01af80e8a95fd7530a30ca31664cf82d4ce639a56

InQuest UNKNOWN

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Malicious Packer

Malware family:

Malicious Packer

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b877940a-c545-48da-b613-9961b44c6ed1

Joe Sandbox RHADAMANTHYS

Result

Threat name:

RHADAMANTHYS

Alert

Create hunting rule

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1206463

Signature

Antivirus detection for URL or domain

C2 URLs / IPs found in malware configuration

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Hides threads from debuggers

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Yara detected RHADAMANTHYS Stealer

Behaviour

Behavior Graph:

Download SVG

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2a674a9a0acf0532c3816df01af80e8a95fd7530a30ca31664cf82d4ce639a56/

ReversingLabs TitaniumCloud Win32.Trojan.GenSHCode

Threat name:

Win32.Trojan.GenSHCode

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-04-02 01:04:08 UTC

File Type:

PE (Exe)

Extracted files:

42

AV detection:

19 of 24 (79.17%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fjtuvgqkz4ctfq4bnxybv6aorkk725jqumgkgftez6bnjttdtjla._file

Threatray malicious

Verdict:

malicious

Similar samples:

0177e5347dc981c4a60f0aa5a609a104d0dd6b9bac0b40071e6aa50f5dd45b54

Rhadamanthys

2818d3958cd90df32cb5c771f355a28a0ff47a436afa30c0205ca2a12a4224d8

Rhadamanthys

3ed4997b7fc422a343672e1159ca3b4c96b318a63e5ee85dcd7ce1ae9ce7bcd1

Rhadamanthys

415850683b95d1e1521a05b0f67758543cfa79c8977611ccbc22b2dcdace0020

Rhadamanthys

419600d0508516026569e661e54e5e7a5d17d47d18cb8f427932bd728d9bc743

Rhadamanthys

ce52a68b5d74c63e57bb3408a98ad26b9f7e4dfb0540fe21e6acd3c2742f106f

Rhadamanthys

ce59d2ac679c36ad5169712ed75dd21494e552f8ec9334d8fb4f74f4d83ce190

Rhadamanthys

d86c70788e8597af95906106bb03ed111f0c3eb5a359dd93b6a0d7a3fdf9c3cc

Rhadamanthys

db9c2f019ca91a2166740431d64d02bfff97a9638e68e9858fb9616f2df371ea

Rhadamanthys

eda25afd305a4158d3b02d9ad03ec2d866cc9abb51f008dbbefa9fb7de800e4d

Rhadamanthys

+ 14 additional samples on MalwareBazaar

Hatching Triage rhadamanthys

Result

Malware family:

rhadamanthys

Alert

Create hunting rule

Score:

  10/10

Tags:

family:rhadamanthys stealer

Link:

https://tria.ge/reports/230402-beyn4sdg72/

Behaviour

Suspicious use of NtSetInformationThreadHideFromDebugger

Detect rhadamanthys stealer shellcode

Rhadamanthys

UnpacMe 2

Unpacked files

SH256 hash:

879e00131fef015ee76a82bd8eb05543fa6a82276c08ef0c4035630952827de1

MD5 hash:

42340e853adbf922e185e3b82077bef1

SHA1 hash:

73dba5b14df609e9afc2b93dfc14f72eba683bbf

Link:

https://www.unpac.me/results/193bebcd-6350-4dae-a274-26b68b7b87f4/

SH256 hash:

2a674a9a0acf0532c3816df01af80e8a95fd7530a30ca31664cf82d4ce639a56

MD5 hash:

b360dddf2062b302452b29dfff343629

SHA1 hash:

3f28dabcd78d1116e9d87e76ec45635ee6918d80

Link:

https://www.unpac.me/results/193bebcd-6350-4dae-a274-26b68b7b87f4/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/2a674a9a0acf0532c3816df01af80e8a95fd7530a30ca31664cf82d4ce639a56

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Rhadamanthys

exe 2a674a9a0acf0532c3816df01af80e8a95fd7530a30ca31664cf82d4ce639a56

(this sample)

  

Delivery method

Distributed via web download

  

URLhaus

https://urlhaus.abuse.ch/url/2585403/

  

URLhaus

https://urlhaus.abuse.ch/url/2525167/

  

URLhaus

https://urlhaus.abuse.ch/url/2519959/

Cape

https://www.capesandbox.com/analysis/379274/