MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd50841bd9c2bb0e7cd21f2b841661ea86f4b5b5c980b0ec06598359032d9271. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Rhadamanthys


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd50841bd9c2bb0e7cd21f2b841661ea86f4b5b5c980b0ec06598359032d9271
SHA3-384 hash: f49b1dc138338415fe8bdeedeb42a5669dcc3fb5656f3f72a4276bd2ff45dc3d00f8f8db9e1b80bb2f27405a9d6e2fbb
SHA1 hash: 5685157bc6ffdf388c37827d33a9730f0fbc2121
MD5 hash: 11cc32b6c1b758675c857544b6e73292
humanhash: nineteen-march-island-fix
File name:fd50841bd9c2bb0e7cd21f2b841661ea86f4b5b5c980b0ec06598359032d9271.bin.exe
Download: download sample
Signature Rhadamanthys
Create hunting rule
File size:1'991'680 bytes
First seen:2025-10-26 16:31:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2eabe9054cad5152567f0699947a2c5b (2'852 x LummaStealer, 1'312 x Stealc, 1'026 x Healer)
ssdeep 49152:aha6kQvRfDf55tdv4DdgjnNne9+5/G7xnYIoK/uIV3n7:caPCTt2snBec5axYIxui
Threatray 2'054 similar samples on MalwareBazaar
TLSH T108953337CE78358DCF8B1A7D9C6B91501A2D752411E826C9009F13B81F6BED673BAC68
TrID 27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
20.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.6% (.EXE) Win32 Executable (generic) (4504/4/1)
8.5% (.ICL) Windows Icons Library (generic) (2059/9)
8.3% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter abuse_ch
Tags:exe Rhadamanthys

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
SE SE
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
fd50841bd9c2bb0e7cd21f2b841661ea86f4b5b5c980b0ec06598359032d9271.bin.exe
Verdict:
No threats detected
Analysis date:
2025-10-26 02:28:31 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/79a892a3-352a-4d95-a4ff-b4110a69c4ab

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/34158/
Detection(s):
SecuriteInfo.com.Trojan.Lumma-1.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68fe4cee3bdc93eb05649794
Tags:
virus
Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Searching for analyzing tools
Creating a window
DNS request
Connection attempt
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
masquerade microsoft_visual_cc obfuscated overlay overlay packed packed themidawinlicense zero
Link:
https://www.filescan.io/uploads/68fe4ce93a79800405f748d9/reports/e46d9662-92b2-41b2-8473-43c7f1f1d319/overview
Verdict:
Malicious
Labled as:
Symmi.Generic
Link:
https://www.hybrid-analysis.com/sample/fd50841bd9c2bb0e7cd21f2b841661ea86f4b5b5c980b0ec06598359032d9271
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-10-25T23:22:00Z UTC
Last seen:
2025-10-27T19:00:00Z UTC
Hits:
~10
Detections:
Trojan.Win32.Agent.sb Trojan.Win32.Strab.sb HEUR:Trojan-PSW.Win32.Lumma.pef HEUR:Backdoor.Win32.Generic Trojan.Win64.SBEscape.sb Trojan.Win32.Inject.sb
Link:
https://opentip.kaspersky.com/fd50841bd9c2bb0e7cd21f2b841661ea86f4b5b5c980b0ec06598359032d9271/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/cae0b54d-a83a-4f39-b0f0-14ed599c2aa6
Result
Threat name:
RHADAMANTHYS
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1801995
Signature
Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Hides threads from debuggers
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Potentially malicious time measurement code found
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Yara detected RHADAMANTHYS Stealer
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/fd50841bd9c2bb0e7cd21f2b841661ea86f4b5b5c980b0ec06598359032d9271
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/11cc32b6c1b758675c857544b6e73292
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fd50841bd9c2bb0e7cd21f2b841661ea86f4b5b5c980b0ec06598359032d9271/
Verdict:
Malicious
Threat:
Trojan.Win32.Lumma
Link:
https://tip.neiki.dev/file/fd50841bd9c2bb0e7cd21f2b841661ea86f4b5b5c980b0ec06598359032d9271
Threat name:
Win32.Trojan.Amadey
Create hunting rule
Status:
Malicious
First seen:
2025-10-26 05:19:36 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
31 of 38 (81.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7viiig6zyk5q47gsd4vyiftb5kdpjnnvzgalb3aglgbvsaznsjyq._file
Verdict:
malicious
Label(s):
rhadamanthys
Create hunting rule
Similar samples:
1e3ac5879e4cb55c7903ff0fcf3cbcddfb81faaa9e2fa6810ca17302eabd7ee9
Rhadamanthys
2af8a3d77c5c9d595fa21dd8f516f4f8fa9cf5cb61ad05dd9a3e2fc89148534f
Rhadamanthys
4e88e97019fa8f35358f01b9938a7cfa84bafd15cc8f029158817b3737e6fd98
Rhadamanthys
9ad0d98bbf8b5df4df29d24bf84fb1b2e10d35d9f4d8824afac4b140fbe57621
Rhadamanthys
a34b6a0f667b145a5034d2a7c0cd96eb1636b0ba98055c490dce3fc3fa89d2a9
Rhadamanthys
a441e76246ce6a7f26b8fef2f6a759672928d09cdfce7ba503701915fd69fb88
Rhadamanthys
a8b9acc89b79999ac9ff94155b6d040b56134d446f6ca934dc000ae8c09c9e9c
Rhadamanthys
b0b48aa9568b6d148cd149808d410076dac5bfffe91ee07acb913377a86fe42c
Rhadamanthys
b42256a0e9632bda5338a23bbbb8a750f204b343d6f561d3412baef66077739f
Rhadamanthys
error
Rhadamanthys
+ 2'044 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
defense_evasion discovery
Link:
https://tria.ge/reports/251026-t1n1xaslhr/
Behaviour
Suspicious behavior: EnumeratesProcesses
System Location Discovery: System Language Discovery
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks BIOS information in registry
Identifies Wine through registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/2c30d74c-7e3e-4886-bdab-2a947314cd63
Unpacked files
SH256 hash:
fd50841bd9c2bb0e7cd21f2b841661ea86f4b5b5c980b0ec06598359032d9271
MD5 hash:
11cc32b6c1b758675c857544b6e73292
SHA1 hash:
5685157bc6ffdf388c37827d33a9730f0fbc2121
Link:
https://www.unpac.me/results/63d0f660-a95c-4cc2-af64-ac3077d3706f/
SH256 hash:
ddcd783b49b0c49c167aae1f725306c88d2529df819b49848c52f70dbba131cc
MD5 hash:
b32a6d7373d7e1972806d84ca6fcebbd
SHA1 hash:
c26ad29175a001770bb0992660a95f65494a66bc
Link:
https://www.unpac.me/results/63d0f660-a95c-4cc2-af64-ac3077d3706f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fd50841bd9c2bb0e7cd21f2b841661ea86f4b5b5c980b0ec06598359032d9271

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/34158/

Comments