MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d994a393c6ccbd7650ea9d6f08a22000350a2de18d418be5a2cb6a62e5e23699. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RapidStealer


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments

SHA256 hash: d994a393c6ccbd7650ea9d6f08a22000350a2de18d418be5a2cb6a62e5e23699
SHA3-384 hash: 5badd8c764ed54189b90514a5f2223cbfa49fb706bec3aa1d7ac0251832a07f7415baf20f7461cd3116d5dfb17cc0bcd
SHA1 hash: 377a695c4f121879b69a737f30756f5a19fc3625
MD5 hash: b5c7418f409f51bb43f1d81da5bcbd5a
humanhash: romeo-seven-fruit-sixteen
File name:FeridoGame.exe
Download: download sample
Signature RapidStealer
File size:100'943'712 bytes
First seen:2026-06-21 17:15:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b34f154ec913d2d2c435cbd644e91687 (589 x GuLoader, 130 x RemcosRAT, 84 x EpsilonStealer)
ssdeep 1572864:OXY0cVtCqwohNRUSSfwsYvJ3lolczO8NMczQMFIge8cAY89Tsgt+9+flyZOXN:oYnVt8olUSWfSzDNv7e2YEp+9uyZGN
TLSH T1D92833AC976DB058D30B7B7ED1F2B5F4BA29770063F4849AD43477E89B40D98FA08219
TrID 27.0% (.EXE) Win64 Executable (generic) (6522/11/2)
20.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.6% (.EXE) Win32 Executable (generic) (4504/4/1)
8.5% (.ICL) Windows Icons Library (generic) (2059/9)
8.4% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
dhash icon 28969696969696e8 (18 x GenesisStealer, 3 x VexxStealer, 2 x CoinMiner)
Reporter burger
Tags:exe RapidStealer signed

Code Signing Certificate

Organisation:Rapid Inc. Development
Issuer:Rapid Inc. Development
Algorithm:sha256WithRSAEncryption
Valid from:2025-12-20T11:07:13Z
Valid to:2028-12-20T11:17:12Z
Serial number: 775fb6bf647fa8b24fd7c5383da0487c
Thumbprint Algorithm:SHA256
Thumbprint: f963dc00abb44d9e7cd3ed086d846dabea9282a4de1051be3c400a1d600a24f6
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads :
1
# of downloads :
166
Origin country :
DE DE
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
FeridoGame.exe
Verdict:
Malicious activity
Analysis date:
2026-06-21 17:14:11 UTC
Tags:
arch-doc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Searching for the window
Сreating synchronization primitives
Creating a window
Creating a process from a recently created file
Creating a process with a hidden window
Creating a file
Deleting a recently created file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
adaptive-context anti-debug anti-vm base64 crypto evasive expired-cert fingerprint hacktool installer installer installer-heuristic microsoft_visual_cc nsis reconnaissance signed
Result
Threat name:
n/a
Detection:
malicious
Classification:
spyw.evad
Score:
56 / 100
Signature
AI detected suspicious PE digital signature
Drops large PE files
Tries to steal communication platform credentials (via file / registry access)
Unusual module load detection (module proxying)
Behaviour
Behavior Graph:
Gathering data
Result
Malware family:
n/a
Score:
  10/10
Tags:
adware defense_evasion discovery execution linux persistence ransomware spyware stealer trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Executes dropped EXE
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments