General
- Target: e056797b8ff24bc2be4c785c55d0e40a9e4c235ef1424741f9f29b0c28a81344
- Size: 1.4MB
- Sample: 230308-qpgwnsbb95
- MD5: 84c0c84b5085b751bf950f3cab6e4d8f
- SHA1: c734b54b6a8c6c08dad200819effe01ff0c90805
- SHA256: e056797b8ff24bc2be4c785c55d0e40a9e4c235ef1424741f9f29b0c28a81344
- SHA512: 97d07c8980af255478305b5d9fd56df345e7622c79586d91480f6b85f1fad2936cd4bf45eb8b9a080421fda4c64dc791e21adc82e6b0a6d826ec2035a820e997
- SSDEEP: 24576:+iNoZXZR84LGY+gSwCxeIrSwVkvXLFP8hX/LkzaXKrK0bU2TPjAzwzbqZATU5Rwn:4Xf84q1wmeI7VyXZikHHPLjaZAg5+xX9
Static task: static1
Behavioral task: behavioral1
- Sample: e056797b8ff24bc2be4c785c55d0e40a9e4c235ef1424741f9f29b0c28a81344.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: e056797b8ff24bc2be4c785c55d0e40a9e4c235ef1424741f9f29b0c28a81344.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
V1
192.227.144.59:12210
Targets
- Target: e056797b8ff24bc2be4c785c55d0e40a9e4c235ef1424741f9f29b0c28a81344
- Detect rhadamanthys stealer shellcode
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- SectopRAT payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext