MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b562b18a6df7d02dae4a37840084958370bb9a8cd821b7f85d2fd3e0caa662bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	b562b18a6df7d02dae4a37840084958370bb9a8cd821b7f85d2fd3e0caa662bf
SHA3-384 hash:	e9d74eade7033adc3e0c68d77bd0271eca081b4ff74a1a15524a8320e8016c4bd2e01bdd3e09dc8fcb6728474f9e37b6
SHA1 hash:	3ed0cb774191c908593a007f15565aeb8baee4c7
MD5 hash:	95ecc3d5eec46e73c8cb81b107dbdce4
humanhash:	minnesota-sierra-johnny-virginia
File name:	95ecc3d5eec46e73c8cb81b107dbdce4.exe
Download:	download sample
Signature	Rhadamanthys Alert Create hunting rule
File size:	421'376 bytes
First seen:	2023-05-09 06:54:31 UTC
Last seen:	2023-05-13 22:45:52 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	e0f7442c9aae17dbc3af11473e831c4e (5 x Rhadamanthys, 2 x Stop, 1 x Smoke Loader)
ssdeep	6144:d0+zgrkQ2AcHyHL64FuqYWqxIaxx5zuO/v4cuS:PzgwQg8LPFrYW4g34
Threatray	337 similar samples on MalwareBazaar
TLSH	T189947D1372F16C61E5264A728E2EC6F8761FF9618F1937EB1217AB1F0B711A2C572702
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	0000100e21100000 (1 x Rhadamanthys)
Reporter	abuse_ch
Tags:	exe Rhadamanthys

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

260

Origin country :

NL

Vendor Threat Intelligence

ANY.RUN Malicious

Malware family:

n/a

ID:

1

File name:

95ecc3d5eec46e73c8cb81b107dbdce4.exe

Verdict:

Malicious activity

Analysis date:

2023-05-09 06:58:24 UTC

Tags:

rhadamanthys

Link:

https://app.any.run/tasks/fe61ef40-be64-4006-b0a8-9a16c026a3f8

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox Rhadamanthys

Detection:

Rhadamanthys

Alert

Create hunting rule

Link:

https://www.capesandbox.com/analysis/387701/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Variant.Zusy.467156.1516.22230.UNOFFICIAL

Alert

Create hunting rule

Win.Packed.Trojanx-10001393-0

Alert

Create hunting rule

Dr. Web vxCube Malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Sending a custom TCP request

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/6459ee4e890517bfb2b8349e/reports/957560d3-3b70-48ef-8528-121eaf33e1f0/overview

Hybrid Analysis Zusy.Generic

Verdict:

Malicious

Labled as:

Zusy.Generic

Link:

https://www.hybrid-analysis.com/sample/b562b18a6df7d02dae4a37840084958370bb9a8cd821b7f85d2fd3e0caa662bf

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Generic Malware

Malware family:

Generic Malware

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/faf3e4f0-797a-48fa-ae0f-6cfe1bcff0a4

Joe Sandbox RHADAMANTHYS

Result

Threat name:

RHADAMANTHYS

Alert

Create hunting rule

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1228919

Signature

C2 URLs / IPs found in malware configuration

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected AntiVM3

Yara detected RHADAMANTHYS Stealer

Behaviour

Behavior Graph:

Download SVG

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b562b18a6df7d02dae4a37840084958370bb9a8cd821b7f85d2fd3e0caa662bf/

ReversingLabs TitaniumCloud Win32.Spyware.Rhadamanthys

Threat name:

Win32.Spyware.Rhadamanthys

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-05-08 22:57:45 UTC

File Type:

PE (Exe)

Extracted files:

75

AV detection:

29 of 36 (80.56%)

Threat level:

  2/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wvrldctn67ic3lskg6cabbevqnylxgum3aq3p6c5f7j6bsvgmk7q._file

Threatray malicious

Verdict:

malicious

Similar samples:

2a47c2d84f330efa04265b34e7dc1fd149954c5f1110c6896414f313b7ce17a2

Rhadamanthys

3afa8aa568f26c6dcc9e6b32f376def4d0f54912ca431490e3b6558044fb2368

Rhadamanthys

4532489becbdf07bc0a932486ab95b497113f5600c7646b635eaea9bcfa430cd

Rhadamanthys

543c264b4e3db65f803e6a0fa4c71ac957fcb64a802e2a29dda024b58d0e7aaf

Rhadamanthys

597a4ade5d862166430037813118d0e94d993d87490fed195c0ade3fb6ab3e42

Rhadamanthys

653c12db63dc13521af00bac41d549d599d5705c81b8b8ee40988a4a0924eb22

Rhadamanthys

c58f48f203d4c0458672355b29caf31ad7ed5456cda3211eea2606452cf17a8f

Rhadamanthys

c71c91c8c6cdb4cc17f2777a9078e0863f1e9ec76555043e85286af14fe275d4

Rhadamanthys

c7e1d534ed1a723b3aaecf3a257cf2f1bea5b46fb91b8510d9ae9523a3caf457

Rhadamanthys

ccad7b6f65bf0381e93cabfceeb6e0bc5f838a37112981733b7f719f8d90087e

Rhadamanthys

+ 327 additional samples on MalwareBazaar

Hatching Triage rhadamanthys

Result

Malware family:

rhadamanthys

Alert

Create hunting rule

Score:

  10/10

Tags:

family:rhadamanthys stealer

Link:

https://tria.ge/reports/230509-hptapsge8w/

Behaviour

Detect rhadamanthys stealer shellcode

Rhadamanthys

Malware Config

C2 Extraction:

http://179.43.142.201/img/favicon.png

UnpacMe 2

Unpacked files

SH256 hash:

1797d67afc3879e8f47e41f157a56268a4a615f3e9b1e40c0b187a7915ee4107

MD5 hash:

9f086efa5c76a33e52fd2c925de924d3

SHA1 hash:

959399bcdd9e81bdb546f9559514dfad357f1361

Link:

https://www.unpac.me/results/1fb1f9d7-d5a2-49fc-849a-1e18af96ef58/

SH256 hash:

b562b18a6df7d02dae4a37840084958370bb9a8cd821b7f85d2fd3e0caa662bf

MD5 hash:

95ecc3d5eec46e73c8cb81b107dbdce4

SHA1 hash:

3ed0cb774191c908593a007f15565aeb8baee4c7

Link:

https://www.unpac.me/results/1fb1f9d7-d5a2-49fc-849a-1e18af96ef58/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Rhadamanthys

exe b562b18a6df7d02dae4a37840084958370bb9a8cd821b7f85d2fd3e0caa662bf

(this sample)

Cape

https://www.capesandbox.com/analysis/387701/

  

URLhaus

https://urlhaus.abuse.ch/url/2525167/

  

Delivery method

Distributed via web download