General

  • Target: c11314504d04b9714c1c3992ca673486a5c8ac96b60fbc892b2f94204296b606
  • Size: 12.1MB
  • Sample: 241013-1vlf6a1bpf
  • MD5: e94abe514202de0a3e24c0f45ccea8a6
  • SHA1: 27770fa35ea2ca6e1cd87f669e21f5e29cfaa381
  • SHA256: c11314504d04b9714c1c3992ca673486a5c8ac96b60fbc892b2f94204296b606
  • SHA512: 1fe72a35e6e0da642c42848d5009538ab97d5e833466abd25f2aa03e96f8b637a2a9a30054c8ebdf4cdf80570e39f387c9b6a535105a3e9b36b846570114c0d3
  • SSDEEP: 196608:bI14Cek0gfc3haxZH+fiE1jlKkbSPSvFWuFBGFV42uL7e:bKekhfcuZH+XKgHFW+BGFVE7e

Malware Config

Extracted

  • Family: rhadamanthys
  • C2: https://95.214.55.177:2474/fae624c5418d6/black.api

Targets

    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Rhadamanthys
      Rhadamanthys is an info stealer written in C++, first seen in August 2022.
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Loads dropped DLL

MITRE ATT&CK Enterprise v15