MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 589c456a1bd31d8bf2d1a791aeffdf587b5c7ed24cd3c3abd40c534ec4b9f37d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Rhadamanthys

Vendor detections: 13

Intelligence 13 IOCs YARA 3 File information Comments

SHA256 hash:	589c456a1bd31d8bf2d1a791aeffdf587b5c7ed24cd3c3abd40c534ec4b9f37d
SHA3-384 hash:	782c8abee06f58f88685e9e28682158bf82f2d9ba75a5523c14ab5b66fd9e85f76f5c95ae4fdbf12f169bc58f7b73e95
SHA1 hash:	f086074531f3c5b8c799caacd8140468103d0d77
MD5 hash:	0a5e1973c0c1c5f4dd5975d416fa2f5a
humanhash:	quebec-seventeen-london-early
File name:	SecuriteInfo.com.Win64.MalwareX-gen.72814666
Download:	download sample
Signature	Rhadamanthys Create hunting rule
File size:	162'816 bytes
First seen:	2025-09-17 13:35:41 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	23aa6ede111f6ac860a5e9008f9b9673 (22 x Rhadamanthys, 4 x DonutLoader, 3 x CoinMiner)
ssdeep	3072:I3Wqg80/yh0rJuy+HR3xrM0ox+HNj27sx5TsEOwM5tsxTn1DY2Sh:I3Wqg80/yhAl+x1xQ+lrx5a6Y/
TLSH	T13BF36C57B3A520F8E177817989920A42E7B2783687619FDF036047761F277E09D3EB22
TrID	44.4% (.EXE) Win64 Executable (generic) (10522/11/4) 21.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 8.7% (.ICL) Windows Icons Library (generic) (2059/9) 8.5% (.EXE) OS/2 Executable (generic) (2029/13) 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Magika	pebin
Reporter	SecuriteInfoCom
Tags:	exe Rhadamanthys

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

AxISxxH.exe

Verdict:

No threats detected

Analysis date:

2025-09-17 12:10:09 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/235b750c-5327-4f17-9d1a-ed035b44e84f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/27936/

Verdict:

Malicious

Score:

99.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68caa52088b954439247354f

Tags:

dropper trojan virus

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Connection attempt

Sending an HTTP GET request

Creating a file

Creating a process from a recently created file

Launching a file downloaded from the Internet

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

fingerprint microsoft_visual_cc obfuscated

Link:

https://www.filescan.io/uploads/68cabda40d1238ff0aadcf96/reports/286c06ca-5683-4c4c-b8f5-91ce1ef26e72/overview

Verdict:

Malicious

Labled as:

Zusy.Generic

Link:

https://www.hybrid-analysis.com/sample/589c456a1bd31d8bf2d1a791aeffdf587b5c7ed24cd3c3abd40c534ec4b9f37d

Verdict:

Malicious

File Type:

exe x64

First seen:

2025-09-17T09:20:00Z UTC

Last seen:

2025-09-17T09:20:00Z UTC

Hits:

~100

Detections:

Trojan.Win32.Agent.sb VHO:Trojan.Win32.Agent.gen VHO:Trojan-Dropper.Win32.Sysn.gen Trojan-Dropper.Win32.Sysn.dcht Trojan-Downloader.Agent.HTTP.C&C PDM:Trojan.Win32.Generic Trojan.Win32.Agent.xcacns

Link:

https://opentip.kaspersky.com/589c456a1bd31d8bf2d1a791aeffdf587b5c7ed24cd3c3abd40c534ec4b9f37d/results?tab=lookup

Malware family:

Rhadamanthys

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/17b9aae4-7bc3-4523-a48d-2aee48bc9c80

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/589c456a1bd31d8bf2d1a791aeffdf587b5c7ed24cd3c3abd40c534ec4b9f37d

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/0a5e1973c0c1c5f4dd5975d416fa2f5a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/589c456a1bd31d8bf2d1a791aeffdf587b5c7ed24cd3c3abd40c534ec4b9f37d/

Verdict:

Malicious

Threat:

Win64.Malware.Heuristic

Link:

https://tip.neiki.dev/file/589c456a1bd31d8bf2d1a791aeffdf587b5c7ed24cd3c3abd40c534ec4b9f37d

Threat name:

Win64.Infostealer.Tinba

Status:

Malicious

First seen:

2025-09-17 12:10:13 UTC

File Type:

PE+ (Exe)

AV detection:

22 of 24 (91.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lcoek2q32moyx4wru6i25767lb5vy7wsjtj4hk6ubrju5rfz6n6q._file

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/250917-qwls7szxft/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Executes dropped EXE

Downloads MZ/PE file

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/15746d56-56e7-4fa1-857e-d53cb27eb4d5

Unpacked files

SH256 hash:

589c456a1bd31d8bf2d1a791aeffdf587b5c7ed24cd3c3abd40c534ec4b9f37d

MD5 hash:

0a5e1973c0c1c5f4dd5975d416fa2f5a

SHA1 hash:

f086074531f3c5b8c799caacd8140468103d0d77

Link:

https://www.unpac.me/results/77e23005-a1ab-4289-9698-2059e0afeb66/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/589c456a1bd31d8bf2d1a791aeffdf587b5c7ed24cd3c3abd40c534ec4b9f37d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	cobalt_strike_tmp01925d3f Create hunting rule
Author:	The DFIR Report
Description:	files - file ~tmp01925d3f.exe
Reference:	https://thedfirreport.com

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Rhadamanthys

exe 589c456a1bd31d8bf2d1a791aeffdf587b5c7ed24cd3c3abd40c534ec4b9f37d

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3625546/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/27936/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample