redline | 232a8606f4d7885ad9cb2f57955513d675ed62cb5628c965eb91b61fe2c9f249 | Triage

Submit
Reports

Overview

overview

Static

static

1

8c1f6cb3d4...d4.exe

windows7-x64

3

8c1f6cb3d4...d4.exe

windows10-2004-x64

Sharing

General

Target

232a8606f4d7885ad9cb2f57955513d675ed62cb5628c965eb91b61fe2c9f249
Size

1.3MB
Sample

241104-qgerca1ajr
MD5

7883d99ffb2f380a0d37287657e60daf
SHA1

73f175c0714f428f453a913ab646dd78aa3556e3
SHA256

232a8606f4d7885ad9cb2f57955513d675ed62cb5628c965eb91b61fe2c9f249
SHA512

38d915e09976fa3b4ec3d3af634955c66a095e93978a0726e80d4f6ff10b2fdef770418c89dcee63c190f1d7abb2ce5ffafcdac44e49c31cf02d50365d0a6ffd
SSDEEP

24576:VALDU4dV7AhkVMH0s/vJ3yVjesBn4Txqf7AoobMGLNXuNvo7uRrApH:VUvf7ABH0I3yIAn8xWAHbMGLNe9jRC

Score

10^/10

redline rhadamanthys februm2 discovery infostealer stealer

Static task

static1

Behavioral task

behavioral1

Sample

8c1f6cb3d4124612705c2b607a07de101ac025a9a969fe4f8076361d63ddd0d4.exe

Resource

win7-20240903-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

8c1f6cb3d4124612705c2b607a07de101ac025a9a969fe4f8076361d63ddd0d4.exe

Resource

win10v2004-20241007-en

redline rhadamanthys februm2 discovery infostealer stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

februm2

C2

5.75.172.247:11969

Attributes

auth_value
85624adef57d62e6e1b978ecfa9417da

Extracted

Family

rhadamanthys

C2

http://109.206.243.168/upload/libcurl.dll

Targets

- Target
  
  8c1f6cb3d4124612705c2b607a07de101ac025a9a969fe4f8076361d63ddd0d4.exe
- Size
  
  1.6MB
- MD5
  
  0de6f1d98b72c2b6dd14f1de17212162
- SHA1
  
  496a24d09fba3bc5414365e4ac32c04a2b9391e2
- SHA256
  
  8c1f6cb3d4124612705c2b607a07de101ac025a9a969fe4f8076361d63ddd0d4
- SHA512
  
  96ba787de04bdb05f8dcf7b6e954404d1a67f589e5e80b4cc5162a5b9a827270e10e47ea13f2d5b5bcde6a1a510487583a00dd3f5fcffd641a1957a89309d3bd
- SSDEEP
  
  24576:I9AmP6qNqlGVRFqeMxY400MAuZo7Lnm1todLMtKSHZynPtYy4IN71lyg+Fwzr:Ib6qNqlGExY38AN/Zyl53l1lyxqzr
Score

10^/10

discovery redline rhadamanthys februm2 infostealer stealer
- Detect rhadamanthys stealer shellcode
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinerhadamanthysfebrum2discoveryinfostealerstealer

© 2018-2025

Terms | Privacy