MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 42a594010cb236b34f554ab794beb282468112bf7f234b5c0978e0dc7e5da1a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Rhadamanthys


Vendor detections: 17


Intelligence 17 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 42a594010cb236b34f554ab794beb282468112bf7f234b5c0978e0dc7e5da1a3
SHA3-384 hash: 1efaadbc5417defe9c22350db29bbc252fe4c3738c3405c7269e7124500aff128eaa34971449fc4e93cef15569a5611b
SHA1 hash: 4c6003d6ac04fd2a6ac9f5d24757423b7c679aec
MD5 hash: bdd1a586fa035a41defb97c9a5c6406a
humanhash: floor-yellow-carolina-juliet
File name:file
Download: download sample
Signature Rhadamanthys
Create hunting rule
File size:6'005'248 bytes
First seen:2025-09-28 04:01:47 UTC
Last seen:2025-09-30 04:06:11 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ff906d5ae0d3218e00c9d571874cb7f8 (3 x Rhadamanthys, 1 x CoinMiner, 1 x Amadey)
ssdeep 49152:UxDUr9MfRioxSfNJlB/OtCI8egU3oGfs6z9c6Mi4rnkl9Vd65u8c/0zLNOiEIIU9:JSRiVZBZQDSwscMPNDEpWUqh
Threatray 116 similar samples on MalwareBazaar
TLSH T19256C083FA930043FBE345B06F69C9A1C4191BE77A2929E680188584D4FDDAFD9B3537
TrID 49.9% (.EXE) Win64 Executable (generic) (10522/11/4)
21.3% (.EXE) Win32 Executable (generic) (4504/4/1)
9.6% (.EXE) OS/2 Executable (generic) (2029/13)
9.5% (.EXE) Generic Win/DOS Executable (2002/3)
9.4% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe Rhadamanthys


Avatar
Bitsight
url: http://178.16.55.189/files/5296057416/NjtIeMV.exe

Intelligence

File Origin
# of uploads :
12
# of downloads :
109
Origin country :
US US
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
random.exe
Verdict:
Malicious activity
Analysis date:
2025-09-27 21:11:32 UTC
Tags:
auto redline stealer amadey botnet loader auto-reg stealc vidar themida unlocker-eject tool arch-exec rdp generic github evasion darkvision remote anti-evasion rhadamanthys
Link:
https://app.any.run/tasks/6092af99-85cc-4c52-9fa5-ffa26a5cc112

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/29302/
Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68d8b35a91dd51f6514f29e6
Tags:
cobalt overt spawn virus
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Сreating synchronization primitives
Launching a process
Using the Windows Management Instrumentation requests
DNS request
Connection attempt
Sending a custom TCP request
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
crypt fingerprint microsoft_visual_cc packed unsafe xpack
Link:
https://www.filescan.io/uploads/68d8b352674d5fd6aa0eb1c4/reports/2c4996cc-d2ab-42f6-8fbb-7b56670951a9/overview
Verdict:
Malicious
Labled as:
Giant.Fragtor.Generic
Link:
https://www.hybrid-analysis.com/sample/42a594010cb236b34f554ab794beb282468112bf7f234b5c0978e0dc7e5da1a3
Verdict:
Malicious
File Type:
exe x32
Detections:
Trojan.Win64.SBEscape.sb Trojan.Win32.Strab.sb Trojan.Win32.Inject.sb Trojan.Win32.Crypt.sb Trojan.Win32.Agent.sb
Link:
https://opentip.kaspersky.com/42a594010cb236b34f554ab794beb282468112bf7f234b5c0978e0dc7e5da1a3/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/614867a6-7e42-41c8-accf-ab103dfbfa8e
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/42a594010cb236b34f554ab794beb282468112bf7f234b5c0978e0dc7e5da1a3
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/bdd1a586fa035a41defb97c9a5c6406a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/42a594010cb236b34f554ab794beb282468112bf7f234b5c0978e0dc7e5da1a3/
Verdict:
Malicious
Threat:
Family.RHADAMANTHYS
Link:
https://tip.neiki.dev/file/42a594010cb236b34f554ab794beb282468112bf7f234b5c0978e0dc7e5da1a3
Threat name:
Win32.Trojan.Midie
Create hunting rule
Status:
Malicious
First seen:
2025-09-27 19:17:18 UTC
File Type:
PE (Exe)
AV detection:
22 of 24 (91.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iksziaimwi3lgt2vjk3zjpvsqjdicev7p4ruwxajpdqny7s5ugrq._file
Verdict:
malicious
Label(s):
rhadamanthys
Create hunting rule
Similar samples:
0d95e636a7e133f2d04f8cdcc0e7e46628a3172f6f5e8e3f2ceea014c911fd4c
Rhadamanthys
1292a873d77a29f7c17698102795dbea54fa389460e151250877f4b487290466
Rhadamanthys
2f994afc548d528e56a029cf4481d56a3459d438b46ec38403a977bc7d70dced
Rhadamanthys
40552b3060c5758c0351895c93e3aa38234b375ef812e3577a6b6d144aa613cb
Rhadamanthys
415b94605e8ea36e31cf5efbb6262f65d375eec545e67cc1776cde3744a8cf5b
Rhadamanthys
613965e38d593894ff82b34419b95a5400054ed4519a86ff8b9a7a63cd3640b5
Rhadamanthys
8a6ac42273774f12b5e5f3bba953365cb44ca63a0dd888e301a295f34fff69fd
Rhadamanthys
a39eeadcebb774bd9b4273c198c8ce9d93c0ecd3c655325a87a9b040bd2ad495
Rhadamanthys
c61e7458636c14db4555bea09f174b1323b283f486e0618ab07e0384c6b2b12c
Rhadamanthys
c7b56b506f592ebc069f645f59b2f91dfe748506e9d3101602cc913a4e9d74b0
Rhadamanthys
error
Rhadamanthys
+ 106 additional samples on MalwareBazaar
Result
Malware family:
rhadamanthys
Create hunting rule
Score:
  10/10
Tags:
family:rhadamanthys discovery stealer
Link:
https://tria.ge/reports/250928-el1zlagm41/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Detects Rhadamanthys Payload
Rhadamanthys
Rhadamanthys family
Suspicious use of NtCreateUserProcessOtherParentProcess
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/d4ed65c3-f235-43f7-bda8-533e1469fab0
Unpacked files
SH256 hash:
42a594010cb236b34f554ab794beb282468112bf7f234b5c0978e0dc7e5da1a3
MD5 hash:
bdd1a586fa035a41defb97c9a5c6406a
SHA1 hash:
4c6003d6ac04fd2a6ac9f5d24757423b7c679aec
Link:
https://www.unpac.me/results/f35a0356-23f5-436b-ae76-2f977a9edfff/
Malware family:
Rhadamanthys
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/42a594010cb2/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/42a594010cb236b34f554ab794beb282468112bf7f234b5c0978e0dc7e5da1a3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Rhadamanthys

Executable exe 42a594010cb236b34f554ab794beb282468112bf7f234b5c0978e0dc7e5da1a3

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3630970/
Cape
Cape
https://www.capesandbox.com/analysis/29302/

Comments