MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76909220e84a6a5eb0096aa3d2e598a458c81674db63758d64c417a44bff6a58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	76909220e84a6a5eb0096aa3d2e598a458c81674db63758d64c417a44bff6a58
SHA3-384 hash:	12b667e59da529d6b2069590961c31b061dc640326b227eb060e141d2b26c153c704a76c790288dec1d2679bf28079bc
SHA1 hash:	63196c9e5ce331034d632b2c5556c56600b1a8e0
MD5 hash:	4cb90b0396cf0a412bc407aeee7b50f7
humanhash:	seven-lithium-potato-muppet
File name:	MetaLab.exe
Download:	download sample
Signature	Rhadamanthys Alert Create hunting rule
File size:	85'547'290 bytes
First seen:	2025-08-21 16:13:49 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	b2e426b78f8291fe9c5a3f4a8555e42d (2 x NodeLoader, 1 x Rhadamanthys)
ssdeep	786432:zo4cR8Ez2LD+RZiZ71RE/x+npgPVlcmHps:zobRbz2LYxD4
TLSH	T19A187C5263F609D6E9FB9A3499E65213DA73BC063F3086CB324C172A1F736E04976721
TrID	48.7% (.EXE) Win64 Executable (generic) (10522/11/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
dhash icon	71f092b2b2b2f071 (1 x Formbook, 1 x Rhadamanthys)
Reporter	burger
Tags:	exe Rhadamanthys stealer

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

127

Origin country :

NL

Vendor Threat Intelligence

ANY.RUN

Malware family:

n/a

ID:

1

File name:

MetaLab.exe

Verdict:

No threats detected

Analysis date:

2025-08-21 16:11:13 UTC

Tags:

wmi-base64

Link:

https://app.any.run/tasks/5d8ecd66-e97e-44b1-ac49-f2bc44de4374

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CyberFortress Clean

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68a7452ec2f5296a1a289865

Tags:

n/a

Dr. Web vxCube Clean

Result

Verdict:

Clean

Maliciousness:

FileScan.IO Likely Malicious

Verdict:

Likely Malicious

Threat level:

  7.5/10

Confidence:

100%

Tags:

adaptive-context anti-debug anti-vm crypto expand fingerprint lolbin microsoft_visual_cc nexe overlay overlay packed threat

Link:

https://www.filescan.io/uploads/68a745f87137d68458362aaa/reports/ac28cd6d-9ba8-40a5-bafb-8defca1b169f/overview

Hybrid Analysis Malware/Generic

Verdict:

Suspicious

Labled as:

Malware/Generic

Link:

https://www.hybrid-analysis.com/sample/76909220e84a6a5eb0096aa3d2e598a458c81674db63758d64c417a44bff6a58

Joe Sandbox malicious

Result

Threat name:

n/a

Detection:

malicious

Classification:

troj

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1762192

Signature

Yara detected NexeCompiled Binary

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

88%

Verdict:

Malware

File Type:

PE

Link:

https://malprob.io/report/76909220e84a6a5eb0096aa3d2e598a458c81674db63758d64c417a44bff6a58

CERT.PL MWDB

Gathering data

Neiki Clean

Verdict:

Clean

Link:

https://tip.neiki.dev/file/76909220e84a6a5eb0096aa3d2e598a458c81674db63758d64c417a44bff6a58

ReversingLabs TitaniumCloud Win64.Trojan.Generic

Threat name:

Win64.Trojan.Generic

Alert

Create hunting rule

Status:

Suspicious

First seen:

2025-08-21 16:11:16 UTC

File Type:

PE+ (Exe)

Extracted files:

58

AV detection:

4 of 24 (16.67%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=o2ijeihijjvf5majnkr5fzmyurmmqftu3nrxldleyql2is77njma._file

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/250821-tp24dsdk9y/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.