MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c5a74fdffdce61b603d02022c932b36204fdc8db9ef69b46f39d5404a4c2312. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Rhadamanthys

Vendor detections: 3

SHA256 hash: 2c5a74fdffdce61b603d02022c932b36204fdc8db9ef69b46f39d5404a4c2312
SHA3-384 hash: 9dd5b46386efd5ee6b1f242b4e88878a84cbb5e1899e8ce24a129d6ca1d6ce4189637ec14033821db7168406535b6249
SHA1 hash: d734f43c1f2f5a4c899f1518c99bc5dcb97badd7
MD5 hash: f9a15a0ca1aad9af4768c8cef74cb820
humanhash: carolina-zulu-quebec-white
File name: «FîleReady▬PassWord▬Is☼◄181905►».7z
Download: download sample
Signature: Rhadamanthys
File size: 1'567'754 bytes
First seen: 2025-03-18 19:28:26 UTC
Last seen: Never
File type: 7z
MIME type: application/x-7z-compressed
Note: This file is a password protected archive. The password is: 181905
ssdeep: 24576:hX1prjb+fI40cA2W7YA65KJ/sy0RzTdSyPu9OgXHFC6U1BIkd5n0n1+9l3vQzfNF:hX1p/bSkcG0dA0y0NTdSquMQHM6UbI+y
TLSH: T1AC753386F15F6B87480D71BA02E618EE5ECC8341C4CA540BEC4987AF3D51966EF0A57F
TrID: 57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1)
      42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Magika: sevenzip
Reporter: aachum
Tags: 7z file-pumped pw-181905 Rhadamanthys


iamaachum
https://a14v3gaz230724i.click/c95b77195990e107b327dde2086e23785f8a5dec/file-67d9c683b8cf8/?source=2791&grp=50&file=&q=After-Verification-Click---Go-To-Download-Page =>https://mega.nz/file/nVsxwICb#hQMi4P8NSU-VRc4xTOL4sZU6ecery84KVA80Uq7Y-eM/utm/10e6b15ee26c1481635

Intelligence


File Origin
# of uploads: 1
# of downloads: 105
Origin country: ES
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: [x86][x64]_Setup.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 691'105'088 bytes
SHA256 hash: efd45d2c32f106040815baf5e5bb68b24ba7e944b1e10608fbe6e3521a0db05e
MD5 hash: 493f909706430c595abbf756ff601d56
De-pumped file size: 3'081'728 bytes (vs. original size of 691'105'088 bytes)
De-pumped SHA256 hash: 6c7e15d7bd35333dd0241649694ef9f8a85f9260d060fa4dab3cc50e16183ed8
De-pumped MD5 hash: f3682387e752985763957e119e371e66
MIME type: application/x-dosexec
Signature: Rhadamanthys
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: Binary.Trojan.Generic
Status: Suspicious
First seen: 2025-03-18 19:29:14 UTC
File Type: Binary (Archive)
AV detection: 3 of 24 (12.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Check_OutputDebugStringA_iat

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerException__ConsoleCtrl
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerException__SetConsoleCtrl
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: INDICATOR_RMM_AeroAdmin
Author: ditekSHen
Description: Detects AeroAdmin. Review RMM Inventory

Rule name: pe_detect_tls_callbacks

Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants

Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Rhadamanthys
File: 7z 2c5a74fdffdce61b603d02022c932b36204fdc8db9ef69b46f39d5404a4c2312 (this sample)
