redline | 753021473cc9dd20008a066a248be68763699d4179d19b5b00d38a8fb2710f75 | Triage

Resubmissions

28-02-2023 07:32

230228-jcyv4ahh8z 10

28-02-2023 04:47

230228-fez96ahf49 10

Sharing

General

Target

753021473cc9dd20008a066a248be68763699d4179d19b5b00d38a8fb2710f75
Size

1.4MB
Sample

230228-jcyv4ahh8z
MD5

8b553db0a7ae9fe6f28574d7e7a18da9
SHA1

e5e62e85426fa84ef344e4de951d866754cd94c1
SHA256

753021473cc9dd20008a066a248be68763699d4179d19b5b00d38a8fb2710f75
SHA512

a4684469040d79feae3ca9c209e9854f75ef03c7c1f0092eef49b818e06c70abcce137494d213ad4c3f5315cf13e1c4723d168527cc4c0b5ce1f439da2307923
SSDEEP

24576:cXOpaxUScfXgjKID5YWcnnqgO5FePxuzYAWd1EuudAnU5dUKQYMeayb6vbYsvgKX:cXOYxUSoZOYvnq6gWd1wyUxM7ym8Q

Score

10^/10

redline rhadamanthys error infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

Error

C2

104.161.22.147:39801

Attributes

auth_value
52717c09b6af10a8a93102c172d6a856

Targets

- Target
  
  753021473cc9dd20008a066a248be68763699d4179d19b5b00d38a8fb2710f75
- Size
  
  1.4MB
- MD5
  
  8b553db0a7ae9fe6f28574d7e7a18da9
- SHA1
  
  e5e62e85426fa84ef344e4de951d866754cd94c1
- SHA256
  
  753021473cc9dd20008a066a248be68763699d4179d19b5b00d38a8fb2710f75
- SHA512
  
  a4684469040d79feae3ca9c209e9854f75ef03c7c1f0092eef49b818e06c70abcce137494d213ad4c3f5315cf13e1c4723d168527cc4c0b5ce1f439da2307923
- SSDEEP
  
  24576:cXOpaxUScfXgjKID5YWcnnqgO5FePxuzYAWd1EuudAnU5dUKQYMeayb6vbYsvgKX:cXOYxUSoZOYvnq6gWd1wyUxM7ym8Q
Score

10^/10

redline rhadamanthys error infostealer spyware stealer
- Detect rhadamanthys stealer shellcode
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redlinerhadamanthyserrorinfostealerspywarestealer