MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3db0bd4805036701a3f31c61a988e14c319638f11a7456d5a6d0e78e6ca793c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Rhadamanthys


Vendor detections: 15


Intelligence 15 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3db0bd4805036701a3f31c61a988e14c319638f11a7456d5a6d0e78e6ca793c6
SHA3-384 hash: bf4d0b60b370f510c153559a8bfc30070b6dda81639f3e7b531c22968143f2fc734212afb230ceb61c641ccba9341b8d
SHA1 hash: 7dc4894b62775a6ff8d5f5e4ce31f8de3771cd5e
MD5 hash: c8d13895298c8f833bff86dd6b977092
humanhash: blue-october-march-maine
File name:Setup.exe
Download: download sample
Signature Rhadamanthys
Create hunting rule
File size:99'614'696 bytes
First seen:2025-08-19 17:28:15 UTC
Last seen:2025-08-22 16:03:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b729b61eb1515fcf7b3e511e4e66258b (70 x LummaStealer, 16 x Rhadamanthys, 8 x Adware.Generic)
ssdeep 49152:dJl864aCIfahJg+Qu3dtQm35Bljy6LaWZibJAd:dJl8ZaCnhJXQitJlmCaAj
Threatray 492 similar samples on MalwareBazaar
TLSH T16D2812C267C8B12941E3467D099D0B663DB4D7312F91435B288F6B2D5B2EE2E7E9B403
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
dhash icon 2400f0a4a2d030b0 (2 x Rhadamanthys)
Reporter GDHJDSYDH1
Tags:backdoor exe Rhadamanthys spyware stealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
583
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Setup.exe
Verdict:
Malicious activity
Analysis date:
2025-08-19 17:22:07 UTC
Tags:
autoit
Link:
https://app.any.run/tasks/f6529dcb-a83a-404a-a8ce-4b07b91b1889

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
97.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68a4b4808fd55a79c5294806
Tags:
autoit emotet cobalt
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a window
Creating a file
Searching for the window
Searching for the Windows task manager window
Running batch commands
Creating a process with a hidden window
Launching cmd.exe command interpreter
Sending a custom TCP request
Launching a process
Using the Windows Management Instrumentation requests
Searching for synchronization primitives
Creating a process from a recently created file
DNS request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug blackhole installer microsoft_visual_cc overlay overlay
Link:
https://www.filescan.io/uploads/68a4b494419c816a6e8c51f2/reports/62e53a34-3485-4a18-b21a-a4eaad49a0a8/overview
Verdict:
Malicious
Labled as:
Malware_47.1
Link:
https://www.hybrid-analysis.com/sample/3db0bd4805036701a3f31c61a988e14c319638f11a7456d5a6d0e78e6ca793c6
Score:
97%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/3db0bd4805036701a3f31c61a988e14c319638f11a7456d5a6d0e78e6ca793c6
Gathering data
Verdict:
Malicious
Threat:
Family.RHADAMANTHYS
Link:
https://tip.neiki.dev/file/3db0bd4805036701a3f31c61a988e14c319638f11a7456d5a6d0e78e6ca793c6
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-08-19 17:22:07 UTC
File Type:
PE (Exe)
Extracted files:
20
AV detection:
13 of 24 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hwyl2safantqdi7tdrq2tchbjqyzmohrdj2fnvng2dty43fhspda._file
Verdict:
malicious
Label(s):
unc_loader_058
Create hunting rule
Similar samples:
21410f2d5da769fab3f5c9d3d2f6aeec19d1f7b4d2a04e1370491aece6517a0a
Rhadamanthys
2e13d573b457b30b459d7597c46dd2e69e0288fdb08b0e392e6ad3bbe38f9112
Rhadamanthys
40e3105cd34d54cacd7e2559e19f1fa28e6e9ee2a09bec6a5a083262f334fa14
Rhadamanthys
5ddcf793e48d757154c7cbf8cf69ee95eed74201aef3b1fcbce6c5b7d915ef99
Rhadamanthys
6fc950aadfe73f097adcb76a2c4f9269aebf5849454daa3a3e31937445c37237
Rhadamanthys
8fd8f4f0859bcd3a297e8824174dd66b62fe471f65d0c205a71d813092ea2dcd
Rhadamanthys
9bfbf455319d2708851fc80207b23758debf9d2e27e79a37eab61bdce97ec77f
Rhadamanthys
cae777f6d88874325a18a95690fbf16b3d2ef3a3eea9872a66f9276681532321
Rhadamanthys
d4961daaa5ad74ff738009724a37c620f29b77466128c6f9904e980a27e477db
Rhadamanthys
d50564939caa156776eb0dc91e5f07c3a4ea2ad84d846d9081221a51d782da72
Rhadamanthys
error
Rhadamanthys
+ 482 additional samples on MalwareBazaar
Result
Malware family:
rhadamanthys
Create hunting rule
Score:
  10/10
Tags:
family:rhadamanthys discovery stealer
Link:
https://tria.ge/reports/250819-v21a1awk18/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
Drops file in Windows directory
Enumerates processes with tasklist
Executes dropped EXE
Loads dropped DLL
Detects Rhadamanthys Payload
Rhadamanthys
Rhadamanthys family
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/703df209-8552-4df3-be7a-e4a1a7ef4381
Malware family:
CypherIt
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/3db0bd480503/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3db0bd4805036701a3f31c61a988e14c319638f11a7456d5a6d0e78e6ca793c6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Rhadamanthys

Executable exe 3db0bd4805036701a3f31c61a988e14c319638f11a7456d5a6d0e78e6ca793c6

(this sample)

  
Link
https://tria.ge/250819-vxjgpawkx9
  
Delivery method
Distributed via web download

Comments