General

Target: 877c36519ba0d5bf41fadb5a80b012ad.exe
Size: 339KB
Sample: 210418-e58gmbh9bj
MD5: 877c36519ba0d5bf41fadb5a80b012ad
SHA1: b1f1049d20e8bb2c3eeabec94421500de233b09a
SHA256: 3b019e395d076e03b3b4a2d9468d3acb36df69115e059119194fbd8dd6d1dd6b
SHA512: 9a9bb58e727ce664675c97c3eb91de9f0deab59f93ec55ac5116aaa01f573d8bacd66a2b6380c528f33cdaeae8efc79172dd7aa6c463ce36db2fedd18ef522fc
Static task: static1

Behavioral task: behavioral1
Sample: 877c36519ba0d5bf41fadb5a80b012ad.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: 877c36519ba0d5bf41fadb5a80b012ad.exe
Resource: win10v20210408
Malware Config

Extracted: asyncrat
  aes_key:
  anti_detection:
  autorun:
  bdos:
  delay:
  host:
  hwid: Write
  install_file:
  install_folder: SfThYiEf8sDGLjVDfx.X3463rX3XCQjG6jWaq
  mutex:
  pastebin_config:
  port:
  version:

Only two AsyncRAT fields came back with a value, and install_folder holds an opaque dotted identifier rather than a folder path, so treat this config as partial: no host, port, key or mutex was recovered from this sample.

Extracted: smokeloader
  Version: 2020
  C2:
  http://greenco2020.top/
  http://greenco2021.top/
  http://greenco2022.top/
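The three SmokeLoader C2 URLs above are the only network indicators the report recovers. As an added example (not part of the sandbox report or its tooling), the Python below matches them against HTTP proxy log lines. The log format (`timestamp client_ip method url status`) and the sample lines are constructed for the example; matching on the hostname and its subdomains, ignoring scheme, port and path, is a choice made here, since SmokeLoader rotates request paths and the report lists only the root URL.

```python
"""Match the extracted SmokeLoader C2 URLs against HTTP proxy log lines.
Added example; the log line format and sample lines are constructed."""
from urllib.parse import urlparse

# C2 URLs exactly as listed in the extracted smokeloader config above.
C2_URLS = [
    "http://greenco2020.top/",
    "http://greenco2021.top/",
    "http://greenco2022.top/",
]


def c2_hosts(urls):
    """Reduce the C2 URLs to lower-case hostnames so scheme, port and path are ignored."""
    hosts = set()
    for u in urls:
        host = urlparse(u).hostname
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts


def host_matches(host, c2):
    """True if host equals a C2 hostname or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == c or host.endswith("." + c) for c in c2)


def scan_proxy_log(lines, urls=C2_URLS):
    """Return (line_no, client_ip, url) for every request to a C2 host.

    Assumed (constructed) line format: '<timestamp> <client_ip> <method> <url> <status>'.
    Malformed lines are skipped rather than raising, so one bad line does not
    abort a scan over a large log.
    """
    c2 = c2_hosts(urls)
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 5:
            continue
        url = parts[3]
        host = urlparse(url).hostname
        if host and host_matches(host, c2):
            hits.append((n, parts[1], url))
    return hits


# Constructed sample log lines (not taken from the report).
SAMPLE_LOG = [
    "2021-04-18T05:58:01Z 10.0.0.15 GET http://www.microsoft.com/ 200",
    "2021-04-18T05:58:02Z 10.0.0.15 POST http://greenco2020.top/ 200",
    "2021-04-18T05:58:03Z 10.0.0.22 GET http://cdn.greenco2021.top:8080/index.php 404",
    "2021-04-18T05:58:04Z 10.0.0.22 GET http://greenco2023.top/ 200",
    "malformed line",
]

if __name__ == "__main__":
    for n, ip, url in scan_proxy_log(SAMPLE_LOG):
        print(f"line {n}: {ip} -> {url}")
```

Note that `greenco2023.top` is deliberately not matched: the naming pattern suggests the operator registers a new domain per year, but only the three domains the sandbox actually extracted are indicators; widening to a pattern is an analyst decision, not something the report supports.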
Targets

Target: 877c36519ba0d5bf41fadb5a80b012ad.exe
Size: 339KB
MD5: 877c36519ba0d5bf41fadb5a80b012ad
SHA1: b1f1049d20e8bb2c3eeabec94421500de233b09a
SHA256: 3b019e395d076e03b3b4a2d9468d3acb36df69115e059119194fbd8dd6d1dd6b
SHA512: 9a9bb58e727ce664675c97c3eb91de9f0deab59f93ec55ac5116aaa01f573d8bacd66a2b6380c528f33cdaeae8efc79172dd7aa6c463ce36db2fedd18ef522fc
- Modifies WinLogon for persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Async RAT payload
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
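Three of the signatures above are registry-based: the Winlogon modification, the Run key autostart, and the Uninstall-key enumeration. As an added example (not the sandbox's own signature logic), the Python below classifies registry events against those three behaviours. The event shape (`pid`, `op`, `key`, optional `value`), the sample events, and the threshold of three distinct Uninstall subkeys before an open is called enumeration are all assumptions made for the example; the threshold exists because a single Uninstall-subkey open is routine for installers and uninstallers, while walking many subkeys in one process is the enumeration behaviour the signature describes.

```python
"""Classify registry events against the Run-key, Winlogon and Uninstall-key
behaviours listed in the report.  Added example; event shape, sample events
and the enumeration threshold are assumptions, not sandbox output."""
import re
from collections import defaultdict

HIVE_ALIASES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU", "HKEY_USERS": "HKU"}


def normalize_key(path):
    """Canonical upper-case key path: short hive names, per-user HKU\\<SID> paths
    folded into HKCU, and WOW6432Node removed so the 32-bit view of a key is
    matched by the same rule as the 64-bit view."""
    parts = [p for p in path.replace("/", "\\").split("\\") if p]
    if not parts:
        return ""
    parts[0] = HIVE_ALIASES.get(parts[0].upper(), parts[0].upper())
    if parts[0] == "HKU" and len(parts) > 1 and parts[1].upper().startswith("S-1-5-21-"):
        parts = ["HKCU"] + parts[2:]
    parts = [p for p in parts if p.upper() != "WOW6432NODE"]
    return "\\".join(p.upper() for p in parts)


CV = r"SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION"
RUN_KEY = re.compile(r"^(HKLM|HKCU)\\" + CV + r"\\RUN(ONCE)?$")
WINLOGON_KEY = re.compile(r"^HKLM\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON$")
UNINSTALL_SUBKEY = re.compile(r"^(HKLM|HKCU)\\" + CV + r"\\UNINSTALL\\[^\\]+$")
# Winlogon values that change what runs at logon; other values (wallpaper,
# legal notice text) are edited by benign software all the time.
WINLOGON_VALUES = {"SHELL", "USERINIT"}


def classify(event):
    """Label one event, or None if it matches none of the three behaviours."""
    key = normalize_key(event["key"])
    op = event["op"]
    if op == "set" and RUN_KEY.match(key):
        return "persistence:run_key"
    if op == "set" and WINLOGON_KEY.match(key) and event.get("value", "").upper() in WINLOGON_VALUES:
        return "persistence:winlogon"
    if op == "open" and UNINSTALL_SUBKEY.match(key):
        return "recon:uninstall_subkey"
    return None


def triage(events, enum_threshold=3):
    """Aggregate per pid.  Persistence labels are reported on the first event;
    Uninstall-subkey opens only become 'recon:installed_software' once a
    process has opened enum_threshold distinct subkeys."""
    labels = defaultdict(set)
    uninstall_seen = defaultdict(set)
    for ev in events:
        label = classify(ev)
        if label is None:
            continue
        if label == "recon:uninstall_subkey":
            uninstall_seen[ev["pid"]].add(normalize_key(ev["key"]))
            if len(uninstall_seen[ev["pid"]]) >= enum_threshold:
                labels[ev["pid"]].add("recon:installed_software")
        else:
            labels[ev["pid"]].add(label)
    return {pid: sorted(found) for pid, found in labels.items()}


# Constructed sample events (hypothetical pids and key names, not from the report).
SAMPLE_EVENTS = [
    {"pid": 1234, "op": "set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "Updater"},
    {"pid": 1234, "op": "set", "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "value": "Shell"},
    {"pid": 1234, "op": "set", "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "value": "Background"},
    {"pid": 5678, "op": "open", "key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A1B2}"},
    {"pid": 5678, "op": "open", "key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 5678, "op": "open", "key": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Chrome"},
    {"pid": 9999, "op": "open", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
]

if __name__ == "__main__":
    for pid, found in triage(SAMPLE_EVENTS).items():
        print(pid, found)
```

The same classifier works on Sysmon Event ID 13 (value set) data for the two persistence rules; the Uninstall rule needs a key-open source such as a sandbox API trace, because Sysmon does not record registry reads.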
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
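SetThreadContext on its own is not malicious; debuggers and some runtimes call it. The reason a sandbox flags it as suspicious is its place in the process-hollowing sequence: create a child suspended, write a payload into it, point the main thread's context at the new entry point, resume. As an added example (not the sandbox's signature implementation), the Python below walks an API call trace and reports only complete sequences of that shape per caller/target pair. The trace format, the API name aliases and the sample trace are assumptions; a hollowing that starts from a child the tracer did not see created suspended would be missed, which is the trade-off for not alerting on every debugger.

```python
"""Detect the suspended-create / write / SetThreadContext / resume sequence
in an API call trace.  Added example; trace shape and sample are constructed."""

CREATE_SUSPENDED = 0x00000004  # CreateProcess creation flag

# Each step accepts the Win32 call and the Nt-layer calls beneath it, so a
# trace hooked at either layer is handled.  (Assumed grouping for the example.)
STEP_APIS = {
    "create":  {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW", "NtCreateUserProcess"},
    "write":   {"WriteProcessMemory", "NtWriteVirtualMemory", "NtMapViewOfSection"},
    "context": {"SetThreadContext", "Wow64SetThreadContext", "NtSetContextThread"},
    "resume":  {"ResumeThread", "NtResumeThread"},
}
ORDER = ["create", "write", "context", "resume"]


def step_of(api):
    """Map an API name to its hollowing step, or None if it plays no part."""
    for step, names in STEP_APIS.items():
        if api in names:
            return step
    return None


def find_hollowing(trace):
    """trace: list of dicts with 'pid' (caller), 'api', 'target' (pid acted on)
    and, for create calls, 'flags'.  Returns (caller, target, index_of_resume)
    for every completed sequence, in trace order."""
    progress = {}  # (caller, target) -> number of ORDER steps completed
    hits = []
    for i, ev in enumerate(trace):
        step = step_of(ev["api"])
        if step is None or ev["target"] == ev["pid"]:
            # irrelevant call, or a process touching its own threads (not hollowing)
            continue
        key = (ev["pid"], ev["target"])
        if step == "create":
            # only a child created suspended is a candidate; a normal create resets tracking
            progress[key] = 1 if ev.get("flags", 0) & CREATE_SUSPENDED else 0
            continue
        done = progress.get(key, 0)
        expected = ORDER[done] if done < len(ORDER) else None
        if step == expected:
            progress[key] = done + 1
            if progress[key] == len(ORDER):
                hits.append((ev["pid"], ev["target"], i))
                progress[key] = 0
    return hits


# Constructed sample trace (hypothetical pids; not taken from the report).
SAMPLE_TRACE = [
    {"pid": 100, "api": "CreateProcessW", "target": 200, "flags": 0x4},
    {"pid": 100, "api": "NtUnmapViewOfSection", "target": 200},
    {"pid": 100, "api": "WriteProcessMemory", "target": 200},
    {"pid": 100, "api": "WriteProcessMemory", "target": 200},
    {"pid": 100, "api": "SetThreadContext", "target": 200},
    {"pid": 100, "api": "ResumeThread", "target": 200},
    # debugger-like use without a suspended create: not reported
    {"pid": 300, "api": "SetThreadContext", "target": 400},
    {"pid": 300, "api": "ResumeThread", "target": 400},
    # ordinary child launch then resume: not reported
    {"pid": 100, "api": "CreateProcessW", "target": 500, "flags": 0x0},
    {"pid": 100, "api": "ResumeThread", "target": 500},
]

if __name__ == "__main__":
    for caller, target, idx in find_hollowing(SAMPLE_TRACE):
        print(f"hollowing: pid {caller} -> pid {target} (resumed at trace index {idx})")
```

Repeated writes are tolerated (a payload is usually written section by section), and NtUnmapViewOfSection is ignored rather than required, because hollowing variants that map over the original image without unmapping it exist.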