General
-
Target
e208ac05d1af344211cc16c917775b62.exe
-
Size
1.6MB
-
Sample
210314-zlfve8ndhx
-
MD5
e208ac05d1af344211cc16c917775b62
-
SHA1
832cd36d393d277db2762b5426a13ecb440fb1b4
-
SHA256
0af8d47a09b1f5ea9544e89eb83e8a572b8a78fcb28db74ee523da4b1797cd3e
-
SHA512
50011e2bc24b9dc9fc63addac2f8aaa833298ce1d11f02706a31e43a07bfb08baec3611794d30c154f4df98cddd1ea5a31cd059a65407e88c1c95116e3e777a8
Static task
static1
Behavioral task
behavioral1
Sample
e208ac05d1af344211cc16c917775b62.exe
Resource
win7v20201028
Malware Config
Extracted
asyncrat
Every field below except hwid and install_folder is empty, and those two hold mis-encoded strings, while the signatures under Targets identify the payload as RedLine. Treat this block as an apparent misfire of the AsyncRAT config extractor rather than as usable C2 configuration.
- aes_key
- anti_detection
- autorun
- bdos
- delay
- host
- hwid
ᚫᚦᚣᚵᛴᛶ (mis-encoded: six runic code points; too short to recover the original value with confidence)
- install_file
- install_folder
ᒐᒝᒐᓥᓞᓃᓅᓓᓓᓕᓃᓃᓖᓅᓜᒑᒐᓠᓂᓟᓓᓕᓃᓃᒐᓴᓕᓄᓕᓓᓄᓕᓔᒑᒐᓻᓙᓜᓜᒐᓠᓂᓟᓓᓕᓃᓃᒊᒐ (mis-encoded: XORing each code point with 0x14B0 gives " - Unsuccessful! Process Detected! Kill Process: ", a runtime message string, not a folder path)
- mutex
- pastebin_config
- port
- version
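The two non-empty config values above are the extractor's output rendered as Canadian-syllabics and runic code points. The following is an added example written for this page, not part of the Triage report or of any extractor: it tries every 16-bit XOR key that maps a value into printable ASCII and keeps the candidate that looks most like natural text. On the install_folder value it recovers " - Unsuccessful! Process Detected! Kill Process: " with key 0x14B0, which reads as a runtime status message rather than a folder path; the six-character hwid admits many printable decodings and none stands out, so the heuristic reports no confident result. The model of how the values were produced (one ASCII byte XORed with a 16-bit key and stored as a UTF-16 char) is our assumption.

```python
from typing import Iterator, Optional, Tuple

# Values copied verbatim from the "Malware Config" block of this report.
INSTALL_FOLDER = "ᒐᒝᒐᓥᓞᓃᓅᓓᓓᓕᓃᓃᓖᓅᓜᒑᒐᓠᓂᓟᓓᓕᓃᓃᒐᓴᓕᓄᓕᓓᓄᓕᓔᒑᒐᓻᓙᓜᓜᒐᓠᓂᓟᓓᓕᓃᓃᒊᒐ"
HWID = "ᚫᚦᚣᚵᛴᛶ"

PRINTABLE = range(0x20, 0x7F)  # printable ASCII, space through '~'


def xor_decode(value: str, key: int) -> Optional[str]:
    """XOR every code point with a 16-bit key.

    Assumption (ours, not the report's): each original ASCII byte was XORed
    with a 16-bit key and stored as one UTF-16 char, so undoing it is a single
    XOR. Returns None as soon as a result falls outside printable ASCII.
    """
    out = []
    for ch in value:
        c = ord(ch) ^ key
        if c not in PRINTABLE:
            return None
        out.append(chr(c))
    return "".join(out)


def text_score(text: str) -> float:
    """Fraction of letters and spaces; real strings are dominated by those."""
    return sum(ch.isalpha() or ch == " " for ch in text) / len(text)


def candidate_keys(value: str) -> Iterator[Tuple[int, str]]:
    """Every key whose result is entirely printable ASCII.

    The result must be below 0x80, so the key's high byte has to equal the
    input's high byte; only the 256 low-byte values need trying.
    """
    if not value:
        return
    high = ord(value[0]) & 0xFF00
    for low in range(0x100):
        key = high | low
        text = xor_decode(value, key)
        if text is not None:
            yield key, text


def best_decoding(value: str, min_score: float = 0.8) -> Optional[Tuple[int, str, float]]:
    """(key, text, score) for the most text-like candidate, or None when no
    candidate clears min_score. Short values such as a six-character hwid
    admit many printable decodings and none wins, which is the right answer."""
    best = max(((k, t, text_score(t)) for k, t in candidate_keys(value)),
               key=lambda c: c[2], default=None)
    if best is None or best[2] < min_score:
        return None
    return best


if __name__ == "__main__":
    for name, value in (("install_folder", INSTALL_FOLDER), ("hwid", HWID)):
        found = best_decoding(value)
        if found:
            print(f"{name}: key=0x{found[0]:04X} score={found[2]:.2f} -> {found[1]!r}")
        else:
            print(f"{name}: no confident decoding")
```

The letters-and-spaces score is deliberately crude: it only has to separate one English sentence from 255 near-misses, and the min_score cut-off is what keeps it from inventing a reading for a value as short as the hwid.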
Targets
-
Target
e208ac05d1af344211cc16c917775b62.exe
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus its WOW6432Node mirror on 64-bit Windows) to enumerate software on the system.
-
Suspicious use of SetThreadContext
Setting the thread context of another process, typically a child started with CREATE_SUSPENDED after WriteProcessMemory, is the step process-hollowing loaders use to redirect execution into injected code; the signature marks the call as an indicator, not as confirmed hollowing.
-
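Three of the behavioural signatures above (installed-software enumeration, wallet access, and SetThreadContext on another process) can be expressed as rules over an API trace. This is an added example written for this page, not the sandbox's own signature code: it runs three such rules over a constructed trace, with made-up process ids and paths, shaped like the events a sandbox logs. The wallet path list and the four-call hollowing sequence are our assumptions about what each signature checks, not a description of Triage's rules.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple


class Event(NamedTuple):
    pid: int   # calling process
    api: str   # Win32/NT API name as a sandbox would log it
    arg: str   # the argument that matters here: registry key, file path or target pid


# Constructed trace (made up for this example, not taken from the report).
TRACE = [
    Event(1000, "RegOpenKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    Event(1000, "RegEnumKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    Event(1000, "RegQueryValueExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"),
    Event(1000, "RegEnumKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"),
    Event(1000, "RegQueryValueExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName"),
    Event(1000, "NtCreateFile", r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    Event(1000, "NtCreateFile", r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet"),
    Event(1000, "NtCreateFile", r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\notes.txt"),
    Event(1000, "CreateProcessW", "2000"),          # child created CREATE_SUSPENDED
    Event(1000, "NtUnmapViewOfSection", "2000"),
    Event(1000, "WriteProcessMemory", "2000"),
    Event(1000, "SetThreadContext", "2000"),
    Event(1000, "ResumeThread", "2000"),
]

UNINSTALL_KEY = re.compile(
    r"^HKLM\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Wallet artefacts commonly targeted by stealers (illustrative list, our choice).
WALLET_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"\\Exodus\\exodus\.wallet\\",
    r"\\Electrum\\wallets\\",
    r"\\Ethereum\\keystore\\",
    r"\\Armory\\",
    r"\\Jaxx\\",
    r"\\wallet\.dat$",
)]

# Call order that turns a bare SetThreadContext into the hollowing pattern (our assumption).
HOLLOWING_SEQUENCE = ("CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def check_software_enumeration(trace: List[Event], min_products: int = 2) -> Dict[int, List[str]]:
    """Processes that touched at least min_products distinct Uninstall\\<product> subkeys."""
    seen = defaultdict(set)
    for ev in trace:
        if ev.api.startswith("Reg"):
            m = UNINSTALL_KEY.match(ev.arg)
            if m:
                seen[ev.pid].add(m.group(1))
    return {pid: sorted(keys) for pid, keys in seen.items() if len(keys) >= min_products}


def check_wallet_access(trace: List[Event]) -> Dict[int, List[str]]:
    """Processes that opened files under known wallet locations, with the paths."""
    hits = defaultdict(list)
    for ev in trace:
        if ev.api in ("NtCreateFile", "NtOpenFile", "CreateFileW") and any(
                p.search(ev.arg) for p in WALLET_PATTERNS):
            hits[ev.pid].append(ev.arg)
    return dict(hits)


def check_set_thread_context(trace: List[Event]) -> List[Tuple[int, int]]:
    """(caller, target) pairs where the caller created the target, wrote into it,
    set its thread context and resumed it, in that order. A process setting the
    context of its own threads is ignored, since that is routine."""
    progress: Dict[Tuple[int, int], int] = {}   # (caller, target) -> next expected step
    hits = []
    for ev in trace:
        if ev.api not in HOLLOWING_SEQUENCE or not ev.arg.isdigit():
            continue
        key = (ev.pid, int(ev.arg))
        if key[0] == key[1]:
            continue
        step = progress.get(key, 0)
        if ev.api == HOLLOWING_SEQUENCE[step]:
            progress[key] = step + 1
            if step + 1 == len(HOLLOWING_SEQUENCE):
                hits.append(key)
    return hits


def run_signatures(trace: List[Event]) -> Dict[str, object]:
    """Evaluate the three rules and return hits keyed by the signature names used in the report."""
    return {
        "Checks installed software on the system": check_software_enumeration(trace),
        "Accesses cryptocurrency files/wallets": check_wallet_access(trace),
        "Suspicious use of SetThreadContext": check_set_thread_context(trace),
    }


if __name__ == "__main__":
    for name, hits in run_signatures(TRACE).items():
        print(f"{name}: {hits}")
```

The software-enumeration rule requires at least two distinct product subkeys so that a single lookup of one known product does not fire it, and the SetThreadContext rule keys its state on the (caller, target) pair so that interleaved activity against several children is tracked separately.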