MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8f11fe16666255b4be2a16416de176217c51f9fe8a063ec19df6691ff82a0fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Rhadamanthys


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d8f11fe16666255b4be2a16416de176217c51f9fe8a063ec19df6691ff82a0fc
SHA3-384 hash: 4c142bc64493d65ece358d8edd631c8bc7146434bc6b0481a514d0e49c7ec16fa2398080146f13621b0d5db3b0c03275
SHA1 hash: 2e4f346458fc0ca1d7624fa9a039cd19d7ea9ab4
MD5 hash: 70cd22059538fc8d0ddd2b85e7d2c2f5
humanhash: oven-speaker-muppet-bacon
File name:SecuriteInfo.com.Trojan.SuspectCRC.30700.19841
Download: download sample
Signature Rhadamanthys
Create hunting rule
File size:3'588'096 bytes
First seen:2025-11-04 17:38:09 UTC
Last seen:2025-11-04 18:39:01 UTC
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 98304:mHmZZni6/uj2Sjg8J316HpuppPEpZaVBgj4roL:UY9mKS9fgpu564r
Threatray 27 similar samples on MalwareBazaar
TLSH T1DFF5339BB8452328C52B4EF2C35031D57136EEE137BB118D3CA5F9CE8C7689482E65DA
TrID 88.4% (.MST) Windows SDK Setup Transform script (61000/1/5)
11.5% (.) Generic OLE2 / Multistream Compound (8000/1)
Magika msi
Reporter SecuriteInfoCom
Tags:msi Rhadamanthys

Intelligence

File Origin
# of uploads :
2
# of downloads :
60
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/35334/
Verdict:
Malicious
Score:
90.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6909ef709942f1282ecbee7b
Tags:
virus
Gathering data
Verdict:
Malicious
Labled as:
Generik.EQPTMXR trojan
Link:
https://www.hybrid-analysis.com/sample/d8f11fe16666255b4be2a16416de176217c51f9fe8a063ec19df6691ff82a0fc
Verdict:
Malicious
File Type:
msi
First seen:
2025-11-03T12:30:00Z UTC
Last seen:
2025-11-05T10:18:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan.OLE2.Alien.gen Trojan.Win64.SBEscape.sb Trojan.Win32.Strab.sb Trojan.Win32.Penguish.sb Trojan.Win32.Crypt.sb
Link:
https://opentip.kaspersky.com/d8f11fe16666255b4be2a16416de176217c51f9fe8a063ec19df6691ff82a0fc/results?tab=lookup
Score:
2%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/d8f11fe16666255b4be2a16416de176217c51f9fe8a063ec19df6691ff82a0fc
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
CAB:COMPRESSION:LZX Executable Office Document PDB Path PE (Portable Executable) PE File Layout
Link:
https://app.malva.re/file/70cd22059538fc8d0ddd2b85e7d2c2f5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d8f11fe16666255b4be2a16416de176217c51f9fe8a063ec19df6691ff82a0fc/
Verdict:
Malicious
Threat:
Family.RHADAMANTHYS
Link:
https://tip.neiki.dev/file/d8f11fe16666255b4be2a16416de176217c51f9fe8a063ec19df6691ff82a0fc
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3dyr7ylgmysvws7cufsbnxqxmil4kh475cqgh3az35tjd74cud6a._file
Verdict:
malicious
Label(s):
hijackloader
Create hunting rule
rhadamanthys
Create hunting rule
Similar samples:
057ab7dcbd03786d234543ced23a4fe58f2d0d29d2aa28ad8f73b78270d5c5e6
Rhadamanthys
4ceec9e93a1021697e5e23ac3e67cf886dadf683e3ddc40f7a2c770115027cbd
Rhadamanthys
6dd552765a28ec262d26a77e8838acf422b504d59c8c74ccc98c3680b8914134
Rhadamanthys
9007661e48e9d4b325029b08a941aa99d315e33be6496380dacf238f0b95ccf3
Rhadamanthys
a8a4d5359e832c8d0c8068f84e94d373ada45e8f3590ba02931000bcf37d3b11
Rhadamanthys
ad81b2f47eefcdce16dfa85d8d04f5f8b3b619ca31a14273da6773847347bec8
Rhadamanthys
c8251d1aba99075ce6f8f735b72015c2589e936bcdf544f87c5947324ec8b056
Rhadamanthys
df605aa20e6a2d09ceefd7db62e7ff24c6495007f5dc2a453e66a6dc8090b1d7
Rhadamanthys
ec9a9dbe295a2d36ee807934a1acdd00fb7de1befa3bdda7cae45d3d659dff1a
Rhadamanthys
error
Rhadamanthys
+ 17 additional samples on MalwareBazaar
Result
Malware family:
rhadamanthys
Create hunting rule
Score:
  10/10
Tags:
family:hijackloader family:rhadamanthys discovery loader persistence privilege_escalation ransomware stealer
Link:
https://tria.ge/reports/251104-v739vawkem/
Behaviour
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Event Triggered Execution: Installer Packages
System Location Discovery: System Language Discovery
Drops file in Windows directory
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
Enumerates connected drives
Detects HijackLoader (aka IDAT Loader)
Detects Rhadamanthys Payload
HijackLoader
Hijackloader family
Rhadamanthys
Rhadamanthys family
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/7e6828eb-e798-4210-a18d-5bb9535b4f63
Malware family:
IDATLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/d8f11fe16666/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d8f11fe16666255b4be2a16416de176217c51f9fe8a063ec19df6691ff82a0fc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Rhadamanthys

Microsoft Software Installer (MSI) msi d8f11fe16666255b4be2a16416de176217c51f9fe8a063ec19df6691ff82a0fc

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3696206/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/35334/

Comments