Overview

overview

10

Static

static

1

Eclipse RAT.zip

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Eclipse RAT.zip

  • Size

    12.5MB

  • Sample

    241123-wmgqsavrfp

  • MD5

    30364181c2174678b94d74fcbd16f89d

  • SHA1

    640ca938cd1497f0f7bff46de48d9765949c4214

  • SHA256

    eca49914c9c9dbaad9e8ee1aaccfecb0d88a6fd610c02fbf873935467b7bf114

  • SHA512

    d916e950d80f95d4061b1be6ec829f93631aa92272545b79c46d8bc7f01ba72e84a6e6a38a47ee7cd6723547de7d2c71ecde389154aec5c0a0efd2fa55bf8652

  • SSDEEP

    393216:2xDA4Ulx6CHtKlswnb1q8EptEW7Zb2KOyUbYVNK:IUlxHHGd/E75ZSKjNK

Score
10/10
redlinerhadamanthysdiscoveryinfostealerstealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://95.214.55.177:2474/fae624c5418d6/black.api

Targets

    • Target

      Eclipse RAT.zip

    • Size

      12.5MB

    • MD5

      30364181c2174678b94d74fcbd16f89d

    • SHA1

      640ca938cd1497f0f7bff46de48d9765949c4214

    • SHA256

      eca49914c9c9dbaad9e8ee1aaccfecb0d88a6fd610c02fbf873935467b7bf114

    • SHA512

      d916e950d80f95d4061b1be6ec829f93631aa92272545b79c46d8bc7f01ba72e84a6e6a38a47ee7cd6723547de7d2c71ecde389154aec5c0a0efd2fa55bf8652

    • SSDEEP

      393216:2xDA4Ulx6CHtKlswnb1q8EptEW7Zb2KOyUbYVNK:IUlxHHGd/E75ZSKjNK

    Score
    10/10
    redlinerhadamanthysdiscoveryinfostealerstealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks