MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f66ebd55a8b2c1872af714291bec27d26477b748fc8bbe916c32a52aa41b68fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Rhadamanthys


Vendor detections: 3



SHA256 hash: f66ebd55a8b2c1872af714291bec27d26477b748fc8bbe916c32a52aa41b68fd
SHA3-384 hash: 767ad81aae9f89aa0f1dbc9d7e3cced275f3cd1632cb53b284c3a968f56f3fc5a79101b247c252c6089dc8370d89f98f
SHA1 hash: ef16612a2c100c538f5bacbc78fc11a8d343960b
MD5 hash: 53f4302d2ff44399df8f4125009bc54a
humanhash: connecticut-twelve-purple-xray
File name: BeSOFT.rar
Signature: Rhadamanthys
File size: 7'867'136 bytes
First seen: 2025-10-14 10:13:53 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
Note: This file is a password protected archive. The password is: 2025
ssdeep: 196608:QFiAqRleiOvz72aqm875TykvETK/jfcVnx6/xvT66mCnMTGM45:yfMOeJ75GkvEW/jIIx66mCGGl5
TLSH: T14C86333C20940C27EA612C7EFC6F6CAB5D4E3DD556B6013585B1C4292EADE2F827D92C
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1); 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: burger
Tags: pw-2025 rar Rhadamanthys

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: NL
File Archive Information

This file archive contains 7 file(s), sorted by their relevance:

File name: Setup.exe
File size: 863'232 bytes
SHA256 hash: 82628076e3c04a65f04a70b0fb727c43e6ab2e428ce7922b008451dbf7e57b31
MD5 hash: a97c3a921112d0f636f6297b2043bed1
MIME type: application/x-dosexec
Signature: Rhadamanthys

File name: code.dll
File size: 6'083'856 bytes
SHA256 hash: 0c0a66505093b6a4bb3475f716bd3d9552095776f6a124709c13b3f9552c7d99
MD5 hash: b9de917b925dd246b709bb4233777efd
MIME type: application/x-dosexec
Signature: Rhadamanthys

File name: libs.dll
File size: 6'024'304 bytes
SHA256 hash: 29f02a06beb7cc0126de3bdf24d9e7aebc4f48cd3d28ee3dc450b224d49412be
MD5 hash: b9f265fdf70eb0f6b51b744ca3a99b16
MIME type: application/x-dosexec
Signature: Rhadamanthys

File name: update.dll
File size: 732'984 bytes
SHA256 hash: 5a00c04781ff45a57da3e8f8b070e1ac17c67065eff31eebd625d7d868ab4694
MD5 hash: bec13bae81a43f179f613efe8d4ef717
MIME type: application/x-dosexec
Signature: Rhadamanthys

File name: x32.dll
File size: 2'871'272 bytes
SHA256 hash: a7505c4881ff78f9de4ebbf5c2291c41cffb753acaf6d5d38e4cde072e25cb99
MD5 hash: ee5d5403e37da606f837dc519f5293ab
MIME type: application/x-dosexec
Signature: Rhadamanthys

File name: readme.txt
File size: 100 bytes
SHA256 hash: f5ff7168d36560b3758d92e01348bfb6154782b30825b86d583cd38938bdff79
MD5 hash: 986eac0a924a1f63caf8c8573c99a14a
MIME type: text/plain
Signature: Rhadamanthys

File name: locales.dll
File size: 4'927'168 bytes
SHA256 hash: 86110ac1986ff0e4f35e1a797a3ede99233c4a5bd12edacc6dd45750e22b4171
MD5 hash: a0e144c863861b358e3bce3e99916ba3
MIME type: application/x-dosexec
Signature: Rhadamanthys

Vendor Threat Intelligence
Verdict: inconclusive
YARA: 1 match(es)
Tags: Rar Archive
Threat name: Binary.Trojan.Generic
Status: Suspicious
First seen: 2025-10-14 01:15:21 UTC
File Type: Binary (Archive)
AV detection: 3 of 24 (12.50%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Suspicious behavior: EnumeratesProcesses
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: cobalt_strike_tmp01925d3f
Author: The DFIR Report
Description: files - file ~tmp01925d3f.exe
Reference: https://thedfirreport.com

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Rhadamanthys

rar f66ebd55a8b2c1872af714291bec27d26477b748fc8bbe916c32a52aa41b68fd

(this sample)
