General

  • Target

    e056797b8ff24bc2be4c785c55d0e40a9e4c235ef1424741f9f29b0c28a81344

  • Size

    1.4MB

  • Sample

    230308-qpgwnsbb95

  • MD5

    84c0c84b5085b751bf950f3cab6e4d8f

  • SHA1

    c734b54b6a8c6c08dad200819effe01ff0c90805

  • SHA256

    e056797b8ff24bc2be4c785c55d0e40a9e4c235ef1424741f9f29b0c28a81344

  • SHA512

    97d07c8980af255478305b5d9fd56df345e7622c79586d91480f6b85f1fad2936cd4bf45eb8b9a080421fda4c64dc791e21adc82e6b0a6d826ec2035a820e997

  • SSDEEP

    24576:+iNoZXZR84LGY+gSwCxeIrSwVkvXLFP8hX/LkzaXKrK0bU2TPjAzwzbqZATU5Rwn:4Xf84q1wmeI7VyXZikHHPLjaZAg5+xX9

Malware Config

Extracted

Family

redline

Botnet

V1

C2

192.227.144.59:12210
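
The hashes and the extracted C2 above are the indicators an analyst would carry into a hunt. The following is an added example, not part of the sandbox report: it checks file bytes against the report's hash set and scans firewall-style log lines for the C2 endpoint, rating an exact ip:port match higher than a hit on the IP alone (a stealer C2 is sometimes re-parked on another port). The file bytes and the log lines are constructed for the demo; the log format (`src=`/`dst=` key-value pairs) is an assumption.

```python
"""Hunt for the RedLine sample's indicators (added example, not report code).

Indicators are copied from the report above. Sample bytes and log lines
used below are constructed for the demonstration.
"""
import hashlib
import re

# File-hash IOCs from the report.
IOC_HASHES = {
    "md5": "84c0c84b5085b751bf950f3cab6e4d8f",
    "sha1": "c734b54b6a8c6c08dad200819effe01ff0c90805",
    "sha256": "e056797b8ff24bc2be4c785c55d0e40a9e4c235ef1424741f9f29b0c28a81344",
    "sha512": (
        "97d07c8980af255478305b5d9fd56df345e7622c79586d91480f6b85f1fad293"
        "6cd4bf45eb8b9a080421fda4c64dc791e21adc82e6b0a6d826ec2035a820e997"
    ),
}

# Extracted C2 from the RedLine config.
C2_HOST = "192.227.144.59"
C2_PORT = 12210

HASH_FUNCS = {
    "md5": hashlib.md5,
    "sha1": hashlib.sha1,
    "sha256": hashlib.sha256,
    "sha512": hashlib.sha512,
}


def matches_ioc(data, iocs=IOC_HASHES):
    """Return the names of every hash in `iocs` that `data` matches.

    Unknown hash names are skipped, so an IOC list may carry e.g. ssdeep
    entries this checker does not compute.
    """
    hits = set()
    for name, expected in iocs.items():
        func = HASH_FUNCS.get(name)
        if func is not None and func(data).hexdigest() == expected.lower():
            hits.add(name)
    return hits


# Assumed log format: "... dst=<ip>:<port> ..." (constructed, not from the report).
DST_RE = re.compile(r"dst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})")


def find_c2_hits(lines, host=C2_HOST, port=C2_PORT):
    """Return (line, confidence) for every line whose destination is the C2.

    "high"   : destination IP and port both match the extracted config.
    "medium" : only the IP matches; worth triage, the operator may have moved ports.
    """
    hits = []
    for line in lines:
        m = DST_RE.search(line)
        if m is None or m.group("ip") != host:
            continue
        confidence = "high" if int(m.group("port")) == port else "medium"
        hits.append((line, confidence))
    return hits


# Constructed log lines for the demo (the date mirrors the sample id prefix 230308).
LOG_LINES = [
    "2023-03-08T10:21:05Z src=10.0.0.12:51234 dst=192.227.144.59:12210 proto=tcp action=allow",
    "2023-03-08T10:21:09Z src=10.0.0.12:51240 dst=93.184.216.34:443 proto=tcp action=allow",
    "2023-03-08T10:22:41Z src=10.0.0.17:49811 dst=192.227.144.59:443 proto=tcp action=deny",
]


if __name__ == "__main__":
    # Constructed bytes: will not match the real sample, demonstrating a clean result.
    print("hash matches:", matches_ioc(b"not the sample"))
    for line, conf in find_c2_hits(LOG_LINES):
        print(f"[{conf}] {line}")
```

Run it against real data by replacing `LOG_LINES` with the lines of an exported firewall or proxy log and feeding `matches_ioc` the bytes of files collected from a suspect host; a `medium` hit on the bare IP should still be escalated, since the config's port is only what the sample carried at analysis time.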

Targets

    • Target

      e056797b8ff24bc2be4c785c55d0e40a9e4c235ef1424741f9f29b0c28a81344

    • Detect rhadamanthys stealer shellcode

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • SectopRAT

      SectopRAT is a remote access trojan, first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess (process created under a parent other than the caller, i.e. parent PID spoofing)

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: hides a thread from an attached debugger)

    • Suspicious use of SetThreadContext (commonly used for code injection and process hollowing)

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    Technique                       ID      Count
    Query Registry                  T1012   1
    Peripheral Device Discovery     T1120   1
    System Information Discovery    T1082   1

Tasks