General
Target: COVERT-Pro-Inst (1).exe
Size: 30.9MB
Sample: 210325-bvf4p5t18e
MD5: 604aaadd302aac9e9d783bd8910ce594
SHA1: f6500c98ff55c6a974ed02194ff0be25d96ec9f8
SHA256: 41a0c8a3158186712649e53fce67714641bf8d3e485731255ab9b3a954da7046
SHA512: b25b97fb60aeb9baa15f68be02963d9ac074040f989705fbfcfae825bcc8799998e705c9691371538d64401b1432444df60b2a7881b6b5b3b6f1b21b7eba0feb
Static task: static1
Behavioral task: behavioral1 (sample COVERT-Pro-Inst (1).exe, resource win10v20201028)
Behavioral task: behavioral2 (sample COVERT-Pro-Inst (1).exe, resource win10v20201028)
Behavioral task: behavioral3 (sample COVERT-Pro-Inst (1).exe, resource win10v20201028)
Malware Config
Extracted family: icedid
Extracted value: 1235390667 (IcedID configurations carry a numeric campaign ID; this is the value the extractor recovered)
Targets
Target: COVERT-Pro-Inst (1).exe
Size: 30.9MB
MD5: 604aaadd302aac9e9d783bd8910ce594
SHA1: f6500c98ff55c6a974ed02194ff0be25d96ec9f8
SHA256: 41a0c8a3158186712649e53fce67714641bf8d3e485731255ab9b3a954da7046
SHA512: b25b97fb60aeb9baa15f68be02963d9ac074040f989705fbfcfae825bcc8799998e705c9691371538d64401b1432444df60b2a7881b6b5b3b6f1b21b7eba0feb
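Before working with a copy of this sample, confirm it is the same file the report describes. The following script is an added check, not part of the sandbox report: it recomputes the four digests the report lists over the file bytes and compares each one against the published values, so a truncated or substituted download is caught before analysis starts. The expected hashes are copied from the report above; the file path in the usage line is a placeholder.

```python
"""Verify a downloaded sample against the hashes in the sandbox report.

Added check, not code from the report. REPORT_HASHES are the values
published in the report; everything else here is illustrative.
"""
from __future__ import annotations

import hashlib
import sys

# Hash values as published in the report above (lower-case hex).
REPORT_HASHES = {
    "md5": "604aaadd302aac9e9d783bd8910ce594",
    "sha1": "f6500c98ff55c6a974ed02194ff0be25d96ec9f8",
    "sha256": "41a0c8a3158186712649e53fce67714641bf8d3e485731255ab9b3a954da7046",
    "sha512": "b25b97fb60aeb9baa15f68be02963d9ac074040f989705fbfcfae825bcc8799998e705c9691371538d64401b1432444df60b2a7881b6b5b3b6f1b21b7eba0feb",
}


def digest_bytes(data: bytes) -> dict[str, str]:
    """Return lower-case hex digests for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Same digests as digest_bytes, but streamed so a 30 MB installer is not read at once."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict[str, str], expected: dict[str, str]) -> dict[str, bool]:
    """Per-algorithm match; tolerant of upper-case hex or stray whitespace in copied IOCs."""
    return {name: actual[name] == expected[name].strip().lower() for name in expected}


def verify(actual: dict[str, str], expected: dict[str, str]) -> bool:
    """True only when every listed algorithm matches; one mismatch means a different file."""
    return all(compare(actual, expected).values())


if __name__ == "__main__":
    # Usage: python verify_sample.py "COVERT-Pro-Inst (1).exe"  (path is a placeholder)
    sample_path = sys.argv[1]
    actual = digest_file(sample_path)
    for name, ok in compare(actual, REPORT_HASHES).items():
        print(f"{name:7s} {'OK ' if ok else 'BAD'} {actual[name]}")
    sys.exit(0 if verify(actual, REPORT_HASHES) else 1)
```

Checking all four digests rather than MD5 alone matters here: MD5 collisions are practical, so a match on SHA-256 or SHA-512 is what actually ties the file on disk to the report.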
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory

Two family labels appear in this report: the config extractor matched IcedID and a behavioural signature matched RedLine. These are distinct families (IcedID is a banking trojan and loader, RedLine a C# credential stealer), so treat the attribution as unconfirmed until the dropped and downloaded executables have been hashed and classified individually. An installer-style bundle that drops several payloads can legitimately trigger both detections, and the report above does not show which payload each one came from.
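The three behavioural signatures that can be hunted in endpoint telemetry (external IP lookup, a write into System32 by a process outside the Windows directory, and execution of a file the trace has just seen written) are shown below as a single-pass rule set over Sysmon-style events. This is an added example, not code from the sandbox report or the sandbox vendor. The events are constructed JSON lines that reuse Sysmon field names (EventID 1 process create, 11 file create, 22 DNS query; Image, TargetFilename, QueryName); every path, process and domain in them is invented, and the list of IP-lookup services is a sample list, since the report does not say which service this sample contacted.

```python
"""Hunt for the report's behavioural signatures in Sysmon-style event logs.

Added example, not code from the sandbox report. SAMPLE_EVENTS are
constructed; IP_LOOKUP_DOMAINS is a starting list, not the report's data.
"""
from __future__ import annotations

import json
from dataclasses import dataclass, field
from typing import Iterable

# Public "what is my IP" services (sample list; extend to match your telemetry).
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "icanhazip.com", "ifconfig.me", "ipinfo.io",
    "checkip.amazonaws.com", "ip-api.com", "ipecho.net",
}
SYSTEM32 = "c:\\windows\\system32\\"
WINDOWS_DIR = "c:\\windows\\"

# Constructed events: the installer resolves an IP-lookup host, writes one file
# into System32 and one into %TEMP%, then the %TEMP% file is executed. The last
# two lines are benign noise that must not match any rule.
SAMPLE_EVENTS = r"""
{"EventID": 1, "Image": "C:\\Users\\user\\Desktop\\COVERT-Pro-Inst (1).exe"}
{"EventID": 22, "Image": "C:\\Users\\user\\Desktop\\COVERT-Pro-Inst (1).exe", "QueryName": "api.ipify.org"}
{"EventID": 11, "Image": "C:\\Users\\user\\Desktop\\COVERT-Pro-Inst (1).exe", "TargetFilename": "C:\\Windows\\System32\\covert.dll"}
{"EventID": 11, "Image": "C:\\Users\\user\\Desktop\\COVERT-Pro-Inst (1).exe", "TargetFilename": "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe"}
{"EventID": 1, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe", "ParentImage": "C:\\Users\\user\\Desktop\\COVERT-Pro-Inst (1).exe"}
{"EventID": 11, "Image": "C:\\Windows\\System32\\svchost.exe", "TargetFilename": "C:\\Windows\\System32\\config\\systemprofile\\app.log"}
{"EventID": 22, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "QueryName": "www.example.com"}
"""


@dataclass
class Findings:
    ip_lookup: list[str] = field(default_factory=list)         # "image -> domain"
    system32_drops: list[str] = field(default_factory=list)    # "image -> path"
    executed_dropped: list[str] = field(default_factory=list)  # image paths


def hunt(lines: Iterable[str]) -> Findings:
    """Apply the three rules in one pass, correlating EID 11 writes with later EID 1 starts."""
    found = Findings()
    dropped: set[str] = set()  # lower-cased paths written earlier in the trace
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        image = ev.get("Image", "")
        eid = ev.get("EventID")
        if eid == 22:  # DNS query to a known IP-lookup service
            name = ev.get("QueryName", "").lower()
            if name in IP_LOOKUP_DOMAINS:
                found.ip_lookup.append(f"{image} -> {name}")
        elif eid == 11:  # file create
            target = ev.get("TargetFilename", "")
            dropped.add(target.lower())
            # Write under System32 by an image that itself lives outside C:\Windows.
            # Legitimate installers trip this too, so it is a lead, not a verdict.
            if target.lower().startswith(SYSTEM32) and not image.lower().startswith(WINDOWS_DIR):
                found.system32_drops.append(f"{image} -> {target}")
        elif eid == 1:  # process create of a file this trace already saw written
            if image.lower() in dropped:
                found.executed_dropped.append(image)
    return found


if __name__ == "__main__":
    result = hunt(SAMPLE_EVENTS.splitlines())
    for rule, hits in vars(result).items():
        print(f"{rule}: {hits}")
```

The "executes dropped EXE" rule is the one worth keeping stateful: matching on the write alone or the execution alone is noisy, but a process start whose image path was written moments earlier in the same trace is a strong loader indicator. The System32 rule is deliberately loose and will fire on ordinary setup programs, which is exactly the ambiguity an installer-named sample like this one presents.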