MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b026c6aebb0d937bbdb304918d921dc967ec0118904eb76deb014a551883d9c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Rhadamanthys


Vendor detections: 2



SHA256 hash: b026c6aebb0d937bbdb304918d921dc967ec0118904eb76deb014a551883d9c5
SHA3-384 hash: f674adcfaeac1716db3f368e3f3c4569eb6ee80d76f8900b560da22aa06e52a4f6c3daccfd2e7d45adba1b1d9315304a
SHA1 hash: c996e6a82d2c93d02d7e452861bae3e11e906e22
MD5 hash: 7e9d709f9e5ee86cf6bff4d4ea7e75c9
humanhash: nuts-friend-music-king
File name: adobe_substance_3d_stager_v3.1.2_(x64)_pre-cracked.7z
Download: download sample
Signature: Rhadamanthys
File size: 22'346'659 bytes
First seen: 2025-05-28 14:13:51 UTC
Last seen: Never
File type: 7z
MIME type: application/x-7z-compressed
Note: This file is a password protected archive. The password is: 2659
ssdeep: 393216:Eli52lfH7X+NplkTaQkbnQ8rOU+Xq+4yXKp79lkKeAS+j79Hvase2WCZonuXuZ:+MMmlkWh7OUB+417oANJXhou+Z
TLSH: T1B837338C7059AA0E642D19F473CBEE923FCDF6F1D714AE748F0C5899197346AC0A6A0D
TrID: 57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1); 42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Magika: sevenzip
Reporter: aachum
Tags: 5-252-153-226 7z AutoIT CypherIT file-pumped pw-2659 Rhadamanthys


iamaachum
https://media.verif743cloud1.cfd/Adobe_Substance_3D_Stager_v3.1.2_%28x64%29_Pre-Cracked.zip?c=APgXN2gvYwUAXFgCAEVTFwAMAAAAAAC1&s=353071 => https://arch.verif743cloud1.cfd/g/zip/Mq2BYpeWFkBXUnhZjxSaEOnz/Adobe_Substance_3D_Stager_v3.1.2_(x64)_Pre-Cracked.zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 92
Origin country: ES
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: appFile.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 948'421'493 bytes
SHA256 hash: d7dc4fca3f20c1dd0a9f4c5dddab9a49a9cfe515b9a550e87a1dc591a5bc350f
MD5 hash: d2674a68b45ba1e38b947409e8ff77ba
De-pumped file size: 232'448 bytes (vs. original size of 948'421'493 bytes)
De-pumped SHA256 hash: fca17de892e0dd5ec822532f8d6f5a0100d57b6db7bb0cd0dfadc31a1f3b4175
De-pumped MD5 hash: 603ea0f3be33fb9b599f30ff993c7bef
MIME type: application/x-dosexec
Signature: Rhadamanthys
Vendor Threat Intelligence
Result
Malware family: n/a
Score: 7/10
Tags: discovery
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
Drops file in Windows directory
Enumerates processes with tasklist
Checks computer location settings
Deletes itself
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Rhadamanthys

7z b026c6aebb0d937bbdb304918d921dc967ec0118904eb76deb014a551883d9c5 (this sample)

Comments