MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c0d3ff81e59f4deb2ae72a6f05dc94f34fead982be7edd234f64d2f3d894616. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2c0d3ff81e59f4deb2ae72a6f05dc94f34fead982be7edd234f64d2f3d894616
SHA3-384 hash: 310d9d097bcb1cbe4a1be4a127910560cfb961f37e35a319a926ea6e3f8a0ec013ebcbadeabd0275359d744eef8ff8ee
SHA1 hash: 863848edfe42a2b80ec818bc0622505bdd307451
MD5 hash: 4d13766e9aa0725e0a4b033c597b7e21
humanhash: minnesota-twenty-aspen-fillet
File name:appFile.exe
Download: download sample
File size:169'472 bytes
First seen:2025-05-24 11:04:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash bf95d1fc1d10de18b32654b123ad5e1f (327 x LummaStealer, 65 x Rhadamanthys, 25 x Vidar)
ssdeep 3072:DUc061qnIgiFwmg7yGii4cMrwe7utWoJ5XIJ/PxM:/0agbibu5SG
TLSH T1E4F33AC3FB5AC169D8739C31E12E5CF267A92C12C5D4026B62843F063DF286259EB677
TrID 37.3% (.EXE) Win64 Executable (generic) (10522/11/4)
17.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.9% (.EXE) Win32 Executable (generic) (4504/4/1)
7.3% (.ICL) Windows Icons Library (generic) (2059/9)
7.2% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
dhash icon 1cdc82a282fc3e03 (1 x Rhadamanthys)
Reporter abuse_ch
Tags:de-pumped exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
455
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
appFile.exe
Verdict:
No threats detected
Analysis date:
2025-05-24 11:08:59 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ad295061-50dd-48e8-9f93-d97669c2bc5b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Win32.Evo-gen.1769.11575.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6831a97f44c3881e854cc447
Tags:
malware
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
blackhole installer microsoft_visual_cc
Link:
https://www.filescan.io/uploads/6831a7b6fd02ed5e0585f1e4/reports/63edf7a6-6be1-492c-ad99-8e2d05b0fa63/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/2c0d3ff81e59f4deb2ae72a6f05dc94f34fead982be7edd234f64d2f3d894616
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/a5e46721-2329-4706-9456-6e8626a0ea34
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
4 / 100
Link:
https://www.joesandbox.com/analysis/1698409
Behaviour
Behavior Graph:
n/a
Score:
19%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/2c0d3ff81e59f4deb2ae72a6f05dc94f34fead982be7edd234f64d2f3d894616
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2c0d3ff81e59f4deb2ae72a6f05dc94f34fead982be7edd234f64d2f3d894616/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fqgt76a6lh2n5mvooktpaxojj42p5lmyfpt63uru6zgs6pmjiyla._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250524-m6c29shl7z/
Behaviour
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/2a536ab2-d340-4e70-a5a8-b879dfd5ed59
Unpacked files
SH256 hash:
2c0d3ff81e59f4deb2ae72a6f05dc94f34fead982be7edd234f64d2f3d894616
MD5 hash:
4d13766e9aa0725e0a4b033c597b7e21
SHA1 hash:
863848edfe42a2b80ec818bc0622505bdd307451
Link:
https://www.unpac.me/results/dd82aca8-20d7-4599-91f8-fc0561dff594/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2c0d3ff81e59f4deb2ae72a6f05dc94f34fead982be7edd234f64d2f3d894616

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Rhadamanthys

7z a4e1a2b780a30422bfce65771aba086e477e20a771d21980200879f5551226ff

Executable exe 2c0d3ff81e59f4deb2ae72a6f05dc94f34fead982be7edd234f64d2f3d894616

(this sample)

  
Dropped by
MD5 9ea6df9772195749efe4439614d42d04
  
Dropped by
SHA256 a4e1a2b780a30422bfce65771aba086e477e20a771d21980200879f5551226ff

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteW
SHELL32.dll::SHFileOperationW
SHELL32.dll::SHGetFileInfoW
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessW
KERNEL32.dll::OpenProcess
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetDiskFreeSpaceW
KERNEL32.dll::GetCommandLineW
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileW
KERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateFileW
KERNEL32.dll::DeleteFileW
KERNEL32.dll::MoveFileW
KERNEL32.dll::GetWindowsDirectoryW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyExW
ADVAPI32.dll::RegDeleteKeyW
ADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegQueryValueExW
ADVAPI32.dll::RegSetValueExW
WIN_USER_APIPerforms GUI ActionsUSER32.dll::AppendMenuW
USER32.dll::EmptyClipboard
USER32.dll::FindWindowExW
USER32.dll::OpenClipboard
USER32.dll::PeekMessageW
USER32.dll::CreateWindowExW

Comments