MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8db80ae89970f0015240ade024337335c57250086cc43764daa2db0ce4e4582a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Rhadamanthys
Vendor detections: 13

SHA256 hash: 8db80ae89970f0015240ade024337335c57250086cc43764daa2db0ce4e4582a
SHA3-384 hash: b5cf36d4bfd5176a43217a7c19ab6775c9418820efa8e20674a6ed51b19e4d62a8ce84fe5b530d08466b5c564483915a
SHA1 hash: 4b3cc358dfd8c6347f5efcdf73b76b8f8a94c40a
MD5 hash: a9569575c9141703567310979b1c8009
humanhash: south-autumn-berlin-texas
File name: file
Signature: Rhadamanthys
File size: 2'041'856 bytes
First seen: 2025-10-30 23:53:42 UTC
Last seen: 2025-10-30 23:53:51 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2eabe9054cad5152567f0699947a2c5b (2'852 x LummaStealer, 1'312 x Stealc, 1'026 x Healer)
ssdeep: 49152:Rha6k/O7K+CoStcn2sElpyOTfTHdx0m5U2OwEeN7:/aP27K+iV3eO/h1geN7
Threatray: 628 similar samples on MalwareBazaar
TLSH: T1B495333B8635A9C4E385033AE8F9DF5766153F93440E6DC0A206C2B5625FAF322D5E93
TrID: 27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      20.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
      18.6% (.EXE) Win32 Executable (generic) (4504/4/1)
      8.5% (.ICL) Windows Icons Library (generic) (2059/9)
      8.3% (.EXE) OS/2 Executable (generic) (2029/13)
Magika: pebin
Reporter: Bitsight
Tags: dropped-by-amadey exe fbf543 Rhadamanthys


Bitsight
url: http://178.16.55.189/files/mr/random.exe

Intelligence

File Origin
# of uploads: 3
# of downloads: 96
Origin country: US
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: _8db80ae89970f0015240ade024337335c57250086cc43764daa2db0ce4e4582a.exe
Verdict: Malicious activity
Analysis date: 2025-10-30 23:56:11 UTC
Tags: rhadamanthys stealer websocket

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 94.9%
Tags: overt spawn crypt
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating synchronization primitives
Searching for analyzing tools
Creating a window
Launching a process
Launching the default Windows debugger (dwwin.exe)
Using the Windows Management Instrumentation requests
DNS request
Connection attempt
Sending a custom TCP request
Launching a service
Unauthorized injection to a system process
Verdict: Malicious
File Type: exe x32
First seen: 2025-10-30T21:01:00Z UTC
Last seen: 2025-11-01T21:06:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-PSW.Win32.Convagent.gen HEUR:Trojan.Win32.Generic Trojan.Win32.Strab.sb HEUR:Trojan-PSW.Win32.Stealerc.gen HEUR:Trojan-PSW.Win32.Lumma.pef Trojan.Win64.SBEscape.sb Trojan.Win32.Inject.sb Trojan.Win32.Agent.sb
Verdict: inconclusive
YARA: 4 match(es)
Tags: Executable PE (Portable Executable) PE File Layout Win 32 Exe x86
Threat name: Win32.Trojan.Amadey
Status: Malicious
First seen: 2025-10-30 23:54:11 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 31 of 38 (81.58%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: defense_evasion discovery
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
System Location Discovery: System Language Discovery
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks BIOS information in registry
Identifies Wine through registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Suspicious use of NtCreateUserProcessOtherParentProcess
Unpacked files
SHA256 hash: 8db80ae89970f0015240ade024337335c57250086cc43764daa2db0ce4e4582a
MD5 hash: a9569575c9141703567310979b1c8009
SHA1 hash: 4b3cc358dfd8c6347f5efcdf73b76b8f8a94c40a
SHA256 hash: 8081432068431e96aa0e1b86cc161d455b57ee18e02740f4a056f8f5767f0817
MD5 hash: ed97e36532a9b7ced9062a6d5c53dc6c
SHA1 hash: c7ea8d10bf04c93b4ae4d011ad7d443c612a6a4e
Malware family: Rhadamanthys
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Rhadamanthys
Executable exe 8db80ae89970f0015240ade024337335c57250086cc43764daa2db0ce4e4582a (this sample)
Dropped by: Amadey
Delivery method: Distributed via web download

Comments