MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2daa85b39f3abd83588a142eff2d00476382336ab0f6d69bc68ad52b7302668e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RapidStealer


Vendor detections: 9



SHA256 hash: 2daa85b39f3abd83588a142eff2d00476382336ab0f6d69bc68ad52b7302668e
SHA3-384 hash: 8f58bb469f6f67260948337cf1dee0cae9fed664cfd89f67767037ddbf22152578c842ced04794ad1e2439370926c1d3
SHA1 hash: c59dcadc6099e35f1f62511f3e24cd602e84966d
MD5 hash: eda0159a28f22c9a07023591640695d0
humanhash: colorado-louisiana-princess-comet
File name: LunnyClient Setup 1.0.0.exe
Signature: RapidStealer
File size: 96'140'704 bytes
First seen: 2025-11-29 14:18:38 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash b34f154ec913d2d2c435cbd644e91687 (533 x GuLoader, 110 x RemcosRAT, 80 x EpsilonStealer)
ssdeep 1572864:Xu4lH6RQcY1Qj3Of7LqFdzLcBdyNyBmiA25FWeQSuS4614:+4N6R4PqFdncBdyNdmMeC6+
TLSH T1B0283384C1622E7BE4B6FA3F9196DFA5024B39DC6B629A47E32F77B537B04512E13100
TrID 37.3% (.EXE) Win64 Executable (generic) (10522/11/4)
17.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.9% (.EXE) Win32 Executable (generic) (4504/4/1)
7.3% (.ICL) Windows Icons Library (generic) (2059/9)
7.2% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter Anonymous
Tags: exe RapidStealer signed

Code Signing Certificate

Organisation: Rapid Inc. Development
Issuer: Rapid Inc. Development
Algorithm: sha256WithRSAEncryption
Valid from: 2025-10-30T05:47:41Z
Valid to: 2025-11-29T05:57:41Z
Serial number: 5560032d20fc96924ef93b777f0bd4c3
Thumbprint algorithm: SHA256
Thumbprint: 91ca3ea51e1435959a8678d55eb1720d3c112075e2bc91d999d9d47ffeb04099
Source: ReversingLabs A1000 Malware Analysis Platform
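A triage script that re-checks the facts stated in this entry: it hashes a local copy of the sample against the listed MD5/SHA1/SHA256 and size, and reads the certificate block for what a reviewer should notice (the organisation and issuer fields are identical, so the certificate is self-signed; it was issued for 30 days and had already lapsed when the sample was first uploaded, matching the expired-cert tag below; and the imphash is shared with hundreds of GuLoader, RemcosRAT and EpsilonStealer samples, so it fingerprints the NSIS installer stub rather than the payload). This is an added example, not MalwareBazaar's or ReversingLabs' code; every value in ENTRY is copied from this page, and the helper names are this example's own.

```python
# Added triage example (not MalwareBazaar or vendor code). Values in ENTRY are
# copied from the MalwareBazaar entry above; the function names are this
# example's own.
import hashlib
from datetime import datetime, timezone

ENTRY = {
    "sha256": "2daa85b39f3abd83588a142eff2d00476382336ab0f6d69bc68ad52b7302668e",
    "sha1": "c59dcadc6099e35f1f62511f3e24cd602e84966d",
    "md5": "eda0159a28f22c9a07023591640695d0",
    "size": 96_140_704,
    "first_seen": "2025-11-29 14:18:38 UTC",
    "cert": {
        "organisation": "Rapid Inc. Development",
        "issuer": "Rapid Inc. Development",
        "valid_from": "2025-10-30T05:47:41Z",
        "valid_to": "2025-11-29T05:57:41Z",
        "serial": "5560032d20fc96924ef93b777f0bd4c3",
    },
    "imphash": "b34f154ec913d2d2c435cbd644e91687",
    # other families sharing the same imphash, as listed in the entry
    "imphash_shared_with": {"GuLoader": 533, "RemcosRAT": 110, "EpsilonStealer": 80},
}

def parse_utc(s):
    """Parse the two timestamp layouts used on the page into aware datetimes."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d %H:%M:%S UTC"):
        try:
            return datetime.strptime(s, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    raise ValueError(f"unrecognised timestamp: {s!r}")

def digest_stream(chunks):
    """Single pass over an iterable of byte blocks: md5, sha1, sha256 and size."""
    hs = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256")}
    size = 0
    for block in chunks:
        size += len(block)
        for h in hs.values():
            h.update(block)
    out = {n: h.hexdigest() for n, h in hs.items()}
    out["size"] = size
    return out

def file_digests(path, chunk=1 << 20):
    """Hash a file in 1 MiB blocks (the sample is ~92 MiB; do not read it whole)."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk), b""))

def matches_entry(digests, entry=ENTRY):
    """True only if all three hashes and the size agree with the database entry."""
    return all(digests[k] == entry[k] for k in ("md5", "sha1", "sha256", "size"))

def cert_findings(entry=ENTRY):
    """Facts about the signing certificate worth noting during triage."""
    c = entry["cert"]
    valid_from, valid_to = parse_utc(c["valid_from"]), parse_utc(c["valid_to"])
    first_seen = parse_utc(entry["first_seen"])
    return {
        # subject == issuer: the leaf signed itself, there is no CA chain to validate
        "self_signed": c["organisation"] == c["issuer"],
        "lifetime_days": (valid_to - valid_from).days,
        # already expired when MalwareBazaar first saw the file ("expired-cert" tag)
        "expired_at_first_seen": first_seen > valid_to,
        "hours_expired_at_first_seen": round((first_seen - valid_to).total_seconds() / 3600, 1),
    }

def imphash_is_discriminating(entry=ENTRY, threshold=50):
    """An imphash shared by hundreds of samples of other families identifies the
    packer/installer stub (here NSIS), not this family, so it is a weak pivot."""
    return sum(entry["imphash_shared_with"].values()) < threshold

if __name__ == "__main__":
    import sys
    print("certificate:", cert_findings())
    print("imphash useful as a family pivot:", imphash_is_discriminating())
    if len(sys.argv) > 1:
        print("hashes match entry:", matches_entry(file_digests(sys.argv[1])))
```

Run it with the path to a downloaded copy of the sample to confirm you have the file this entry describes before doing any further analysis; with no argument it only reports on the certificate and imphash.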


Anonymous: Provided by random friend request on Discord. Claims to be a Minecraft launcher. Suspected malicious.

Intelligence


File Origin
# of uploads: 1
# of downloads: 140
Origin country: US
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: LunnyClient Setup 1.0.0.exe
Verdict: Malicious activity
Analysis date: 2025-11-29 14:19:20 UTC
Tags: arch-doc

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 92.5%
Tags: extens sage blic
Result
Verdict: Clean
Maliciousness:
Behaviour
Creating a window
Creating a file in the %temp% subdirectories
Creating synchronization primitives
Searching for synchronization primitives
Searching for the window
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: adaptive-context anti-debug blackhole expired-cert fingerprint installer installer-heuristic microsoft_visual_cc nsis overlay packed signed
Verdict: Malicious
File type: exe x32
First seen: 2025-11-29T12:02:00Z
Last seen: 2025-11-30T08:55:00Z
Hits: ~100
Detections: Trojan-Spy.Win32.Stealer.fnvz, Trojan-Spy.Stealer.HTTP.C&C, Backdoor.Agent.TCP.C&C
Verdict: Malicious
Threat: NetworkReferences.Malware.Generic
Result
Malware family: rapid_stealer
Score: 10/10
Tags: family:rapid_stealer credential_access defense_evasion discovery execution linux spyware stealer
Behaviour
Checks processor information in registry
Detects videocard installed
Enumerates system info in registry
Kills process with taskkill
Modifies data under HKEY_USERS
Modifies registry class
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Drops file in Windows directory
Hide Artifacts: Ignore Process Interrupts
Launches sc.exe
An obfuscated cmd.exe command-line is typically used to evade detection.
Drops file in System32 directory
Enumerates processes with tasklist
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Checks computer location settings
Drops startup file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Command and Scripting Interpreter: PowerShell
Disables one or more Microsoft Defender components
Uses browser remote debugging
Detects RapidStealer payload
RapidStealer
Rapid_stealer family
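The behaviour lines above are sandbox signature names, not the command lines the sample actually ran, and the entry carries no YARA or Sigma rule. As an added example (not part of this entry or any vendor's signature set), the script below turns four of those behaviours into process-creation detection logic and runs it over constructed telemetry: a browser started with a remote-debugging switch ("Uses browser remote debugging"), taskkill against a browser ("Kills process with taskkill"), Set-MpPreference with a -Disable* switch ("Disables one or more Microsoft Defender components"), and sc.exe acting on the WinDefend service ("Launches sc.exe"). The event tuples, field layout and command lines are assumptions modelled on typical Sysmon Event ID 1 / EDR records, not data captured from this sample.

```python
# Added detection example; not part of the MalwareBazaar entry or of any
# sandbox vendor's signatures. The events below are CONSTRUCTED to resemble
# Sysmon Event ID 1 / EDR process-creation telemetry for four behaviours the
# sandbox reported; their command lines were not taken from the sample.
import re

BROWSERS = ("chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe")
BROWSER_ALT = "|".join(re.escape(b) for b in BROWSERS)

# Each rule: (name, images it applies to, regex over the lower-cased command line)
RULES = [
    # "Uses browser remote debugging": a Chromium browser started with a DevTools
    # remote-debugging switch lets a local process pull cookies and saved logins
    # over the DevTools protocol instead of decrypting the profile database itself.
    ("browser_remote_debugging", BROWSERS, r"--remote-debugging-(port|pipe)"),
    # "Kills process with taskkill": browsers are killed first to unlock profile files.
    ("taskkill_browser", ("taskkill.exe",), r"/im\s+(" + BROWSER_ALT + r")"),
    # "Disables one or more Microsoft Defender components" via PowerShell.
    ("defender_tamper_powershell", ("powershell.exe", "pwsh.exe"),
     r"set-mppreference.*-disable\w+\s+\$?true"),
    # "Launches sc.exe" against the Defender service.
    ("defender_service_control", ("sc.exe",), r"\b(stop|delete|config)\b.*\bwindefend\b"),
]

def detect(image, cmdline):
    """Return the names of every rule that fires for one process-creation event."""
    img = image.lower()
    low = cmdline.lower()
    return [name for name, images, pattern in RULES
            if img in images and re.search(pattern, low)]

def triage(events):
    """Run all rules over (parent, image, cmdline) events. Returns per-rule hit
    counts and the set of parents that spawned a flagged child: one installer
    fanning out into several of these children is the signal worth escalating."""
    counts, suspicious_parents = {}, set()
    for parent, image, cmdline in events:
        for name in detect(image, cmdline):
            counts[name] = counts.get(name, 0) + 1
            suspicious_parents.add(parent)
    return counts, suspicious_parents

# Constructed telemetry: the installer driving four suspicious children, plus a
# benign browser launch and a benign PowerShell query from explorer.exe.
EVENTS = [
    ("LunnyClient Setup 1.0.0.exe", "taskkill.exe", "taskkill /F /IM chrome.exe"),
    ("LunnyClient Setup 1.0.0.exe", "chrome.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 '
     r'--headless --user-data-dir="C:\Users\u\AppData\Local\Google\Chrome\User Data"'),
    ("LunnyClient Setup 1.0.0.exe", "powershell.exe",
     "powershell -nop -w hidden -c Set-MpPreference -DisableRealtimeMonitoring $true"),
    ("LunnyClient Setup 1.0.0.exe", "sc.exe", "sc stop WinDefend"),
    ("explorer.exe", "chrome.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'),
    ("explorer.exe", "powershell.exe", "powershell -c Get-MpPreference"),
]

if __name__ == "__main__":
    hits, parents = triage(EVENTS)
    for name, n in sorted(hits.items()):
        print(f"{name}: {n}")
    print("parents of flagged children:", ", ".join(sorted(parents)))
```

The rules match on the child image plus command line only; in production, key the remote-debugging and taskkill rules on parent process as well, since developers and test harnesses legitimately start browsers with --remote-debugging-port, and the page's own observation that the installer is the parent of these children is what separates this sample from that noise.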
Verdict: Suspicious
Tags: n/a
YARA: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Signature: RapidStealer
File: Executable exe 2daa85b39f3abd83588a142eff2d00476382336ab0f6d69bc68ad52b7302668e (this sample)

Comments