General

Target: Project.exe
Size: 1.5MB
Sample: 230831-dezyaabh9w
MD5: b5f6c8e7070b1ee1fc60579e148daf1b
SHA1: e2a7cf6d9f8d52cd0a8b469b58c268226971ce46
SHA256: 9a192de2a9b75fc4be67d9109678f47c8f26666e8aa9d70310d1d4960b202cf0
SHA512: d95c3c9aabf43cae621f9ff69d3b46bfa9cc8eac5da2ba3387fdbfbd954e617a4009d58176a29f04ed38a94ad23f82f36593948ed3a17a62af1ec83b27e11c66
SSDEEP: 24576:LE9kR+dwrLhSjOBGfE0wsEcBDm4YFnjycqQxjtGOPyIzjR47cNAlO:LEoi5wEBDmvnj/xE0yIJ/NAM
Static task: static1
Behavioral task: behavioral1
  Sample: Project.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: Project.exe
  Resource: win10v2004-20230703-en
Malware Config

Extracted: redline
  Botnet: Duc Chim To
  C2: 37.220.87.42:42870
  auth_value: d9fe4a9a9a6e66623fb33c09b6303d5a
Extracted: rhadamanthys
  C2: http://179.43.142.248/update/libssl.dll
Targets

Target: Project.exe
Size: 1.5MB
MD5: b5f6c8e7070b1ee1fc60579e148daf1b
SHA1: e2a7cf6d9f8d52cd0a8b469b58c268226971ce46
SHA256: 9a192de2a9b75fc4be67d9109678f47c8f26666e8aa9d70310d1d4960b202cf0
SHA512: d95c3c9aabf43cae621f9ff69d3b46bfa9cc8eac5da2ba3387fdbfbd954e617a4009d58176a29f04ed38a94ad23f82f36593948ed3a17a62af1ec83b27e11c66
SSDEEP: 24576:LE9kR+dwrLhSjOBGfE0wsEcBDm4YFnjycqQxjtGOPyIzjR47cNAlO:LEoi5wEBDmvnj/xE0yIJ/NAM
Score: 10/10

Signatures:
- Detect rhadamanthys stealer shellcode
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess (a process created with a parent other than the calling process, i.e. parent PID spoofing)
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger (ThreadHideFromDebugger, a common anti-debugging technique)
- Suspicious use of SetThreadContext (rewriting another thread's context, commonly used to redirect execution after code injection)
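The hashes and the extracted C2 configuration above are the parts of this report a responder actually reuses: to confirm that a file found on a host is the same sample, and to sweep network logs for the RedLine and Rhadamanthys endpoints. The following is an added example, not code from the sandbox report or from either malware family; the hash and C2 values are copied from the report, while the file path, the log lines and the IOC record shape are assumptions made for illustration.

```python
"""Added example: reuse the report's hashes and extracted C2 config as local checks.
Hash and C2 values are copied from the report above; everything else is assumed."""
import hashlib
import ipaddress
from urllib.parse import urlparse

# Digests the report lists for Project.exe (copied verbatim from the report).
REPORT_HASHES = {
    "md5": "b5f6c8e7070b1ee1fc60579e148daf1b",
    "sha1": "e2a7cf6d9f8d52cd0a8b469b58c268226971ce46",
    "sha256": "9a192de2a9b75fc4be67d9109678f47c8f26666e8aa9d70310d1d4960b202cf0",
    "sha512": "d95c3c9aabf43cae621f9ff69d3b46bfa9cc8eac5da2ba3387fdbfbd954e617a"
              "4009d58176a29f04ed38a94ad23f82f36593948ed3a17a62af1ec83b27e11c66",
}

# Extracted configuration as listed in the report.
REDLINE_C2 = "37.220.87.42:42870"
REDLINE_AUTH_VALUE = "d9fe4a9a9a6e66623fb33c09b6303d5a"
RHADAMANTHYS_URL = "http://179.43.142.248/update/libssl.dll"


def digests(data: bytes) -> dict:
    """Compute the four digests the report lists, over an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def compare_with_report(data: bytes) -> dict:
    """Per algorithm, True where the buffer's digest equals the report's value."""
    computed = digests(data)
    return {name: computed[name] == REPORT_HASHES[name] for name in REPORT_HASHES}


def verify_file(path: str) -> dict:
    """Hash a file on disk in chunks and compare with the report.
    The path is the caller's assumption; nothing here downloads the sample."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() == REPORT_HASHES[name] for name, h in hashers.items()}


def parse_c2(endpoint: str) -> tuple:
    """Split a RedLine 'host:port' C2 string, rejecting a missing or invalid port."""
    host, sep, port = endpoint.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad C2 endpoint: {endpoint!r}")
    return host, int(port)


def is_public_ip(addr: str) -> bool:
    """Sanity check: an extracted C2 host should be a routable, non-private address."""
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:
        return False


def network_iocs() -> list:
    """Network indicators from both extracted configs as (type, value, family)
    tuples, a shape a blocklist or a proxy-log search can consume (assumed format)."""
    host, port = parse_c2(REDLINE_C2)
    url = urlparse(RHADAMANTHYS_URL)
    return [
        ("ip", host, "redline"),
        ("ip:port", f"{host}:{port}", "redline"),
        ("ip", url.hostname, "rhadamanthys"),
        ("url", RHADAMANTHYS_URL, "rhadamanthys"),
    ]


def match_log_lines(lines: list) -> list:
    """Return the log lines that mention any network IOC (plain substring sweep,
    suitable for proxy or firewall exports)."""
    needles = {value for _, value, _ in network_iocs()}
    return [line for line in lines if any(n in line for n in needles)]


# Constructed sample log lines for demonstration; not taken from the report.
SAMPLE_LOG = [
    "2023-08-31T10:02:11Z CONNECT 37.220.87.42:42870 from 10.0.0.17",
    "2023-08-31T10:02:13Z GET http://179.43.142.248/update/libssl.dll 200",
    "2023-08-31T10:02:15Z GET http://example.com/index.html 200",
]

if __name__ == "__main__":
    for kind, value, family in network_iocs():
        print(f"{family:13s} {kind:8s} {value}")
    for hit in match_log_lines(SAMPLE_LOG):
        print("HIT", hit)
```

Run `verify_file("Project.exe")` against a file recovered from a host to confirm it is the same sample before acting on the behavioral findings above; a mismatch on any digest means the report does not describe that file. The `is_public_ip` check is there because extracted configs sometimes contain placeholder or loopback hosts that should not be pushed to a blocklist unreviewed.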