General
-
Target
753021473cc9dd20008a066a248be68763699d4179d19b5b00d38a8fb2710f75
-
Size
1.4MB
-
Sample
230228-jcyv4ahh8z
-
MD5
8b553db0a7ae9fe6f28574d7e7a18da9
-
SHA1
e5e62e85426fa84ef344e4de951d866754cd94c1
-
SHA256
753021473cc9dd20008a066a248be68763699d4179d19b5b00d38a8fb2710f75
-
SHA512
a4684469040d79feae3ca9c209e9854f75ef03c7c1f0092eef49b818e06c70abcce137494d213ad4c3f5315cf13e1c4723d168527cc4c0b5ce1f439da2307923
-
SSDEEP
24576:cXOpaxUScfXgjKID5YWcnnqgO5FePxuzYAWd1EuudAnU5dUKQYMeayb6vbYsvgKX:cXOYxUSoZOYvnq6gWd1wyUxM7ym8Q
Static task
static1
Behavioral task
behavioral1
Sample
753021473cc9dd20008a066a248be68763699d4179d19b5b00d38a8fb2710f75.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
753021473cc9dd20008a066a248be68763699d4179d19b5b00d38a8fb2710f75.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
Error
104.161.22.147:39801
-
auth_value
52717c09b6af10a8a93102c172d6a856
Targets
-
-
Target
753021473cc9dd20008a066a248be68763699d4179d19b5b00d38a8fb2710f75
-
Size
1.4MB
-
MD5
8b553db0a7ae9fe6f28574d7e7a18da9
-
SHA1
e5e62e85426fa84ef344e4de951d866754cd94c1
-
SHA256
753021473cc9dd20008a066a248be68763699d4179d19b5b00d38a8fb2710f75
-
SHA512
a4684469040d79feae3ca9c209e9854f75ef03c7c1f0092eef49b818e06c70abcce137494d213ad4c3f5315cf13e1c4723d168527cc4c0b5ce1f439da2307923
-
SSDEEP
24576:cXOpaxUScfXgjKID5YWcnnqgO5FePxuzYAWd1EuudAnU5dUKQYMeayb6vbYsvgKX:cXOYxUSoZOYvnq6gWd1wyUxM7ym8Q
-
Detect rhadamanthys stealer shellcode
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-