General
Target: 5d8fcce25d88b4e04ddda7cc22108623d6ca4dc9f7a6a671d57e9230fd6a95ac
Size: 1.5MB
Sample: 230320-bgk6ssda8t
MD5: 103f1dc5270469cf9414ee95dee9561f
SHA1: f44b74ac4e35943c1b9f85ca560595bb64a8c918
SHA256: 5d8fcce25d88b4e04ddda7cc22108623d6ca4dc9f7a6a671d57e9230fd6a95ac
SHA512: a9909671d9b628e34add9aeff9e06d85f505229505732609d32e7db74b887e404712b8ab92d40c12e553adfad0e4eb1225d03655b107462cf316328e5bf90e88
SSDEEP: 24576:E5SH0+xjXR3uO29j3w/2H+vttmPoADPn7axIGXliWvVznOs0O9dDNh:NhJq1HYtm+xLiWvVS+DNh
Static task: static1
Behavioral task: behavioral1
  Sample: 5d8fcce25d88b4e04ddda7cc22108623d6ca4dc9f7a6a671d57e9230fd6a95ac.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 5d8fcce25d88b4e04ddda7cc22108623d6ca4dc9f7a6a671d57e9230fd6a95ac.exe
  Resource: win10-20230220-en
Malware Config
Extracted: redline
build_main: 80.85.156.168:20189
auth_value: 5e5c9cacc6d168f8ade7fb6419edb114
Targets
Target: 5d8fcce25d88b4e04ddda7cc22108623d6ca4dc9f7a6a671d57e9230fd6a95ac
- Detect rhadamanthys stealer shellcode
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext