MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8564679e9d6496c632214d21c8f3357936f5f5fa47226d6f770ad6889bdaf27b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Rhadamanthys


Vendor detections: 14


Intelligence 14 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8564679e9d6496c632214d21c8f3357936f5f5fa47226d6f770ad6889bdaf27b
SHA3-384 hash: 8fcc47803f5b45117c26e20e542464c4daf99adcbf76845a008590bcdfb1b4390401ca1b7bb15d10c1f9b0c24d5f6da3
SHA1 hash: a58afced8d17763bbd88ddb12c8097bcdb9ac1f5
MD5 hash: eb12568ee795a5602acfc19b0f3efc86
humanhash: pluto-arizona-papa-venus
File name:SecuriteInfo.com.Win32.MalwareX-gen.98384314
Download: download sample
Signature Rhadamanthys
Create hunting rule
File size:95'232 bytes
First seen:2025-09-06 07:14:53 UTC
Last seen:2025-09-06 08:14:32 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1a2c6c953a3c96df6769899324d1ff90 (55 x Rhadamanthys)
ssdeep 1536:vUt+IdkltWXjMBXsHmq7pZKi61v+yrzZziuNpRabAhgnwCqlylHZasWlTcdRpkNr:vUMntAGqai61v+y5ziepRa8hgnw+l5kQ
Threatray 426 similar samples on MalwareBazaar
TLSH T153936C11B4D1C871E67119761C74DAB18B3EF9701F619EEB339816BA0F341C09A3AA6B
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter SecuriteInfoCom
Tags:exe Rhadamanthys

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
8564679e9d6496c632214d21c8f3357936f5f5fa47226d6f770ad6889bdaf27b.exe
Verdict:
No threats detected
Analysis date:
2025-09-06 06:19:10 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/93a7b0d2-e0db-4bfb-a611-3eca61b57402

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/25978/
Detection(s):
SecuriteInfo.com.Win32.MalwareX-gen.98384314.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68bbd25d3e988eb6ab840821
Tags:
downloader shellcode dropper
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Creating a window
Connection attempt
Sending an HTTP GET request
Сreating synchronization primitives
Using the Windows Management Instrumentation requests
Sending a custom TCP request
Launching a process
DNS request
Sending a UDP request
Reading critical registry keys
Searching for the window
Unauthorized injection to a recently created process
Unauthorized injection to a system process
Stealing user critical data
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
microsoft_visual_cc unsafe
Link:
https://www.filescan.io/uploads/68bbdfdf20d0ee406d97c09b/reports/599d09bb-1340-4585-8cfd-57ae2cf4b758/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/8564679e9d6496c632214d21c8f3357936f5f5fa47226d6f770ad6889bdaf27b
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-09-05T15:25:00Z UTC
Last seen:
2025-09-05T15:25:00Z UTC
Hits:
~100
Detections:
PDM:Trojan.Win32.Generic Trojan.Win32.Strab.sb Trojan.Win32.Shellcode.sb VHO:Trojan-PSW.Win32.Rhadamanthys.gen Trojan-PSW.Win32.Rhadamanthys.sb Trojan.Win64.SBEscape.sb Trojan.Win64.Agentb.sb Trojan.Win32.Crypt.sb HEUR:Trojan.Win64.Donut.a HEUR:Trojan.Multi.Donut.b Trojan.Win32.Shellcode.eym
Link:
https://opentip.kaspersky.com/8564679e9d6496c632214d21c8f3357936f5f5fa47226d6f770ad6889bdaf27b/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/9ae0c7f3-a9d6-4b8b-bdbd-25b958bb7d30
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/8564679e9d6496c632214d21c8f3357936f5f5fa47226d6f770ad6889bdaf27b
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/eb12568ee795a5602acfc19b0f3efc86
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8564679e9d6496c632214d21c8f3357936f5f5fa47226d6f770ad6889bdaf27b/
Verdict:
Malicious
Threat:
Family.DONUTLOADER
Link:
https://tip.neiki.dev/file/8564679e9d6496c632214d21c8f3357936f5f5fa47226d6f770ad6889bdaf27b
Threat name:
Win32.Malware.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-09-05 19:35:38 UTC
File Type:
PE (Exe)
AV detection:
9 of 36 (25.00%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qvsgphu5mslmmmrbjuq4r4zvpe3pl5p2i4rg233xbllirg626j5q._file
Verdict:
malicious
Label(s):
donut_injector
Create hunting rule
rhadamanthys
Create hunting rule
Similar samples:
018f9ba428f4e3360bb6ee7c42f5f475bda12ae71a430d603a4a5e8ea94fdcf9
Rhadamanthys
155f53209e7e4aacf1efb3c929a2aaa659f98f9dd3ff703d0eed9ff7379a7da3
Rhadamanthys
3857aac49d606c982a866f460de14a479c1482d672d1b17392555e69b8ff6dcd
Rhadamanthys
3bba74cfd49abd4c1f7049d22755e831629c4921490cac52f2bf51da40135f84
Rhadamanthys
3c2d3dd2705831ed8bd4fc730ee21877b8a28b54455c0332e3eeba157707bcb7
Rhadamanthys
47767a97c828554f2092c5e2fc505e103ff42114cd75071fd69e16111037a83a
Rhadamanthys
6b5266685f3fe4ca9e4d7cf5b16b26fcae1c215eb9933eb471240d4daaecdaf5
Rhadamanthys
88a82bdbb8f6efe6448316c05c881d65b564efb9bd7588363683fa07d11b8a86
Rhadamanthys
c15c39e7628e8bf11ac38641c9a15875db3121f631787612791f34338450ecd6
Rhadamanthys
e2a94c188a5479f2239b8cecfaaba3c0fabffff51538727cc5b0bd9c8e059818
Rhadamanthys
error
Rhadamanthys
+ 416 additional samples on MalwareBazaar
Result
Malware family:
rhadamanthys
Create hunting rule
Score:
  10/10
Tags:
family:donutloader family:rhadamanthys discovery loader stealer
Link:
https://tria.ge/reports/250906-h34ctsal9v/
Behaviour
Suspicious behavior: EnumeratesProcesses
System Location Discovery: System Language Discovery
Detects DonutLoader
Detects Rhadamanthys Payload
DonutLoader
Donutloader family
Rhadamanthys
Rhadamanthys family
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/51c98a07-87cd-4750-82b6-f2e6af37ee1d
Unpacked files
SH256 hash:
8564679e9d6496c632214d21c8f3357936f5f5fa47226d6f770ad6889bdaf27b
MD5 hash:
eb12568ee795a5602acfc19b0f3efc86
SHA1 hash:
a58afced8d17763bbd88ddb12c8097bcdb9ac1f5
Link:
https://www.unpac.me/results/f0407b73-37cc-433c-8c5f-2fecd5bfd440/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8564679e9d6496c632214d21c8f3357936f5f5fa47226d6f770ad6889bdaf27b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Rhadamanthys

Executable exe 8564679e9d6496c632214d21c8f3357936f5f5fa47226d6f770ad6889bdaf27b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3618270/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/25978/

Comments