General
Target: 778202b3ab21bc6c566c5464762fbd1f.exe
Size: 354KB
Sample: 210520-6lhpjv9vs6
MD5: 778202b3ab21bc6c566c5464762fbd1f
SHA1: 308506cd3d0e96683bbd918aaa4abcbfd72c665d
SHA256: c5abf55b0591c96c64316cef1b7c5124f3b7ab3d05bc75ab80ae17c53d01dc72
SHA512: 798dfe932e0f9c4e29aa86501a91a6181cac4ad0c520e3e0ef7468212723e49a26913ea9f8eb7117daac50f15023f22ee13408be5d86d3ceca38fe8b12905729
Tasks
Static task: static1
Behavioral task: behavioral1 (sample 778202b3ab21bc6c566c5464762fbd1f.exe, resource win7v20210410)
Behavioral task: behavioral2 (sample 778202b3ab21bc6c566c5464762fbd1f.exe, resource win10v20210408)
Malware Config
Extracted: vidar
Version: 38.8
Botnet: 719
C2 (as extracted): https://HAL9THapi.faceit.comlegomind
profile_id: 719

Extracted: cryptbot
C2: sogfvk42.top, mormyv04.top
payload_url: http://douive05.top/download.php?file=lv.exe
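The extracted CryptBot configuration and the file hashes above are the indicators a responder would actually pivot on. The following is an added example (not code from the sandbox or from this report) that turns them into checks: it matches proxy log lines against the C2 domains (including subdomains, but not look-alike suffixes), flags the exact payload_url, verifies a file against all three of the report's digests at once, and applies the MZ/PE structural test that the "Downloads MZ/PE file" signature below relies on. The proxy log lines and the minimal PE buffer are constructed here; only the domains, URL and hashes come from the report.

```python
"""IOC matcher for the hashes and network indicators listed in this report.

Added example (not the sandbox's own code). The proxy log lines and the PE
byte buffer are constructed for demonstration; the domains, payload URL and
hashes are copied from the report above.
"""
import hashlib
import struct
from urllib.parse import urlparse

# Network IOCs from the CryptBot config (C2 domains and the payload URL).
IOC_DOMAINS = {"sogfvk42.top", "mormyv04.top", "douive05.top"}
IOC_PAYLOAD_URL = "http://douive05.top/download.php?file=lv.exe"

# File IOCs from the General section.
IOC_HASHES = {
    "md5": "778202b3ab21bc6c566c5464762fbd1f",
    "sha1": "308506cd3d0e96683bbd918aaa4abcbfd72c665d",
    "sha256": "c5abf55b0591c96c64316cef1b7c5124f3b7ab3d05bc75ab80ae17c53d01dc72",
}

# Constructed proxy log (not from the report): "<timestamp> <client> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
2021-05-20T06:41:02Z 10.0.0.15 GET http://douive05.top/download.php?file=lv.exe 200
2021-05-20T06:41:05Z 10.0.0.15 POST http://sogfvk42.top/gate.php 200
2021-05-20T06:41:09Z 10.0.0.22 GET https://www.example.com/index.html 200
2021-05-20T06:41:12Z 10.0.0.15 GET http://cdn.mormyv04.top/x.bin 404
2021-05-20T06:41:15Z 10.0.0.22 GET http://notmormyv04.top/ 200
"""


def hostname_matches(host, ioc_domains=IOC_DOMAINS):
    """True if host is an IOC domain or a subdomain of one (never a bare suffix match)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ioc_domains)


def scan_proxy_log(text, ioc_domains=IOC_DOMAINS, payload_url=IOC_PAYLOAD_URL):
    """Return one hit per log line whose URL host is an IOC domain."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:          # skip malformed lines instead of crashing on them
            continue
        ts, client, _method, url, _status = parts
        host = urlparse(url).hostname or ""
        if hostname_matches(host, ioc_domains):
            hits.append({"ts": ts, "client": client, "host": host,
                         "payload_download": url == payload_url})
    return hits


def file_digests(data):
    """MD5/SHA1/SHA256 of a byte string, keyed like IOC_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_sample(data, ioc_hashes=IOC_HASHES):
    """True only if every digest matches; a single mismatch means a different file."""
    digests = file_digests(data)
    return all(digests[name] == value for name, value in ioc_hashes.items())


def is_pe(data):
    """MZ header plus a PE\\0\\0 signature at e_lfanew (the DWORD at offset 0x3C).

    This is the structural check behind the "Downloads MZ/PE file" signature:
    a body that passes it is an executable whatever its URL or extension says.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def build_fake_pe():
    """Constructed minimal buffer that satisfies is_pe (not a real executable)."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)   # e_lfanew: PE signature right after the DOS header
    return bytes(header) + b"PE\0\0"


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
    print("fake PE passes MZ/PE check:", is_pe(build_fake_pe()))
    print("fake PE is the report's sample:", matches_sample(build_fake_pe()))
```

On the constructed log the scanner reports three hits (the payload download, the gate POST and the cdn.mormyv04.top subdomain) and ignores notmormyv04.top, which a naive endswith() check would have flagged. Requiring all digests to match rather than just MD5 avoids being fooled by an MD5 collision or a truncated copy.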
Targets
Target: 778202b3ab21bc6c566c5464762fbd1f.exe (354KB; hashes as listed under General)

Signatures
- CryptBot payload
- RedLine payload. RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node and HKCU counterparts) to enumerate the software installed on the host.
- Legitimate hosting services abused for malware hosting/C2
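The "Checks installed software" signature comes from API-level monitoring in the sandbox: registry reads are not recorded by Sysmon, so outside a sandbox the equivalent evidence is a Procmon trace or an EDR registry-read telemetry stream. The following added example (not the sandbox's own detection logic) shows the rule as it would be applied to a Procmon CSV export: group registry read operations by process, map each path to the product subkey it touches under an Uninstall key, and report processes that walk several distinct product subkeys. The rows are constructed; only the column layout follows Procmon's CSV export, and the threshold of three products is an assumption chosen to separate an inventory walk from a process that reads its own uninstall entry.

```python
"""Detect Uninstall-key enumeration in a Procmon-style CSV export.

Added example (not the sandbox's own logic). The CSV rows are constructed;
only the column layout follows Procmon's CSV export.
"""
import csv
import io
from collections import defaultdict

# Uninstall keys (64-bit, 32-bit-on-64 and per-user views) that software inventories read.
UNINSTALL_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
)
REGISTRY_READ_OPS = {"RegOpenKey", "RegQueryKey", "RegEnumKey", "RegQueryValue"}

# Constructed rows: the sample walks several product subkeys, explorer.exe touches one.
SAMPLE_PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"6:41:20.1000000 AM","778202b3ab21bc6c566c5464762fbd1f.exe","1234","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"6:41:20.1100000 AM","778202b3ab21bc6c566c5464762fbd1f.exe","1234","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS","Type: REG_SZ, Length: 12, Data: 7-Zip"
"6:41:20.1200000 AM","778202b3ab21bc6c566c5464762fbd1f.exe","1234","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName","SUCCESS","Type: REG_SZ, Length: 26, Data: Google Chrome"
"6:41:20.1300000 AM","778202b3ab21bc6c566c5464762fbd1f.exe","1234","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 88.0 (x64 en-US)\DisplayName","SUCCESS","Type: REG_SZ, Length: 66, Data: Mozilla Firefox 88.0 (x64 en-US)"
"6:41:20.1400000 AM","778202b3ab21bc6c566c5464762fbd1f.exe","1234","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F1E2D3C-4B5A-6978-8796-A5B4C3D2E1F0}\DisplayName","SUCCESS","Type: REG_SZ, Length: 20, Data: Some Tool"
"6:41:21.0000000 AM","explorer.exe","800","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayIcon","SUCCESS","Type: REG_SZ, Length: 60, Data: C:\Program Files\7-Zip\7zFM.exe"
"6:41:21.5000000 AM","svchost.exe","900","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive","SUCCESS","Type: REG_SZ, Length: 80, Data: C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
'''


def uninstall_subkey(path):
    """Product subkey under an Uninstall key ('' for the key itself), or None if unrelated."""
    lowered = path.lower()
    for key in UNINSTALL_KEYS:
        k = key.lower()
        if lowered == k:
            return ""
        if lowered.startswith(k + "\\"):
            return path[len(key) + 1:].split("\\", 1)[0]
    return None


def find_software_enumeration(csv_text, min_products=3):
    """Map (process, pid) -> sorted product subkeys for processes reading >= min_products of them.

    min_products is an assumed threshold: reading a single entry is routine
    (explorer.exe resolving an icon), walking many of them is an inventory.
    """
    products = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in REGISTRY_READ_OPS:
            continue
        sub = uninstall_subkey(row["Path"])
        if not sub:                       # unrelated path, or the Uninstall key itself
            continue
        products[(row["Process Name"], int(row["PID"]))].add(sub)
    return {proc: sorted(subs) for proc, subs in products.items() if len(subs) >= min_products}


if __name__ == "__main__":
    for (name, pid), subs in find_software_enumeration(SAMPLE_PROCMON_CSV).items():
        print(f"{name} (PID {pid}) enumerated {len(subs)} products: {subs}")
```

On the constructed trace only the sample process crosses the threshold; explorer.exe reading one DisplayIcon value and svchost.exe reading a Run value are not reported. Matching is case-insensitive because the registry is, while the returned subkey names keep their original case for reporting.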