MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0146dce2a311d0e0284c621e2172e047e21617e626f79a3d1f67aab4de60ae4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Rhadamanthys

Vendor detections: 8



SHA256 hash: e0146dce2a311d0e0284c621e2172e047e21617e626f79a3d1f67aab4de60ae4
SHA3-384 hash: 7ba2fd238e3529e474bc09e08c2ad8c4e302486c4036eae6a08ab4bc8a6ab559f79d7cb22c8f602da2878fbd0fbb3f06
SHA1 hash: eb89247e4bade4fdceb77321619095e31739e583
MD5 hash: 053d81c444354e40519c90959eb288cd
humanhash: hotel-sad-nebraska-princess
File name: set_upV102.zip
Signature: Rhadamanthys
File size: 4'553'934 bytes
First seen: 2025-10-17 14:41:14 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 49152:Em9EKg8TRtGmOyA6snrXr3A23KBqSCoB74A:EcEvs4QGr73NqCoBb
TLSH: T15F2643762BC1638821BEB23C6EC17C639757DFD98E336EDEB646C461E2189D0D50CA12
Magika: zip
Reporter: burger
Tags: file-pumped Rhadamanthys zip

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 87
Origin country: NL
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: set_upV102.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 838'860'754 bytes
SHA256 hash: 3779f7c9451e0eff10efb8d67a164cec7e0340db82973fb400d1b9023f632f58
MD5 hash: ef88d1d9011e2a7680229403cf9eb878
De-pumped file size: 1'643'520 bytes (vs. original size of 838'860'754 bytes)
De-pumped SHA256 hash: fdb35e60a509a02f08c2d67ad4ff174ad1a84f6afe2ea36613571409f90f5911
De-pumped MD5 hash: e15cca136f224797b39a056969c96c5a
MIME type: application/x-dosexec
Signature: Rhadamanthys
Vendor Threat Intelligence

Result
Verdict: Malicious
File Type: ZIP File - Malicious
Behaviour: SuspiciousEmbeddedObjects detected

Gathering data
Verdict: Malware
YARA: 4 match(es)
Tags: AutoIt CVE-2019-13232 CVE-2019-9674 CVE-2022-29225 CVE-2022-36114 CVE-2023-46104 CVE-2024-0450 Executable Malicious PDB Path PE (Portable Executable) PE File Layout Zip Archive Zip Bomb
Threat name: Win32.Trojan.Pumpar
Status: Malicious
First seen: 2025-10-17 14:41:12 UTC
File Type: Binary (Archive)
Extracted files: 35
AV detection: 10 of 24 (41.67%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: AutoIT_Script
Author: @bartblaze
Description: Identifies AutoIT script. This rule by itself does NOT necessarily mean the detected file is malicious.

Rule name: detect_Redline_Stealer
Author: Varp0s

Rule name: weird_zip_high_compression_ratio
Author: Maxime THIEBAUT (@0xThiebaut)
Description: Detects single-entry ZIP files with a suspiciously high compression ratio (>100:1) and decompressed size above the 500MB AV limit
Reference: https://twitter.com/Cryptolaemus1/status/1633099154623803394

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Signature: Rhadamanthys
File type: zip
SHA256 hash: e0146dce2a311d0e0284c621e2172e047e21617e626f79a3d1f67aab4de60ae4 (this sample)