General

  • Target

    594799c0954909a57334da81f783f46dcdbf8e275f85376f4e924c0db9629536

  • Size

    1.9MB

  • Sample

    241105-hf58xayqej

  • MD5

    bd061f324fe93a101194c1233d731cc9

  • SHA1

    59613b072c8755d17b22e0d4d908021708545088

  • SHA256

    594799c0954909a57334da81f783f46dcdbf8e275f85376f4e924c0db9629536

  • SHA512

    92f885ea4f332bdb6f25261d32eac13fd632ce1f4ece48a82d15e47d5f0fd248a41c715d0853bf9ce67208d839c006bcf2d19a0e9057d140acf99ec1f593e715

  • SSDEEP

    24576:lWYifwafT73ARA3/bSonGxysx/Z2e91kOZg18wcG4TgCcmYsruug:lidT4wXWwr98NTgCpdvg

Malware Config

Extracted

Family

redline

Botnet

PPILAB_20230110

C2

179.43.175.174:80

Attributes

  • auth_value

    0b4817e037a97cddb9de49b467d5e0e3

Extracted

Family

rhadamanthys

C2

http://109.206.243.168/upload/libcurl.dll

Targets

    • Detect rhadamanthys stealer shellcode

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Redline family

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Rhadamanthys family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks