redline | 0002ab37c265250dc388afc14e44b8b9362d941db7634df5bad9fa7d7c287b19 | Triage

Submit
Reports

Overview

overview

Static

static

1

tmp.exe

windows7-x64

1

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

1.4MB
Sample

230520-p2cbaafa4z
MD5

0f16ee89f88b541aea1867c8b6b44868
SHA1

efa65c4c60ab0123246b10b300b4a11fe0eba325
SHA256

0002ab37c265250dc388afc14e44b8b9362d941db7634df5bad9fa7d7c287b19
SHA512

8f9f477d5a1a217d8080b2f008084b7f87ab14263c5f7f3c16250c4d7112e825b4a8bb1646e964222d91a167566bde3010960d17cb1f789567054b12aa616855
SSDEEP

24576:J7u0QUm8sMWyLCB3aO+AhcE/evoBNMhgNkTjR2iRRZj0tJqeRXigd0ojgKa8LAqx:tFDAMcMhgNmF7ZIue5igd9pGqx

Score

10^/10

redline rhadamanthys duc chim to infostealer stealer

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20230220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20230220-en

redline rhadamanthys duc chim to infostealer stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

Duc Chim To

C2

37.220.87.42:42870

Attributes

auth_value
d9fe4a9a9a6e66623fb33c09b6303d5a

Targets

- Target
  
  tmp
- Size
  
  1.4MB
- MD5
  
  0f16ee89f88b541aea1867c8b6b44868
- SHA1
  
  efa65c4c60ab0123246b10b300b4a11fe0eba325
- SHA256
  
  0002ab37c265250dc388afc14e44b8b9362d941db7634df5bad9fa7d7c287b19
- SHA512
  
  8f9f477d5a1a217d8080b2f008084b7f87ab14263c5f7f3c16250c4d7112e825b4a8bb1646e964222d91a167566bde3010960d17cb1f789567054b12aa616855
- SSDEEP
  
  24576:J7u0QUm8sMWyLCB3aO+AhcE/evoBNMhgNkTjR2iRRZj0tJqeRXigd0ojgKa8LAqx:tFDAMcMhgNmF7ZIue5igd9pGqx
Score

10^/10

redline rhadamanthys duc chim to infostealer stealer
- Detect rhadamanthys stealer shellcode
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redlinerhadamanthysduc chim toinfostealerstealer

© 2018-2024

Terms | Privacy