General

- Target: 18be39daf69b6139f2e8c7e96cac0a5f.exe
- Size: 3.2MB
- Sample: 210608-lt6d969tp6
- MD5: 18be39daf69b6139f2e8c7e96cac0a5f
- SHA1: f80d3598c1df89bad1bd8692162da5de4c1acd1d
- SHA256: aa38af0f16d1e18d0e9e3ce186b7b4505fce90d26dcb925108c1923df691bd38
- SHA512: 78b1cc667c9d02716077b9cc3b994f18163b0bd2d0bb6c6408a169840fa6aacfc581e57cf9db1dc1796f2df474cca37a02dfe9e7aa55d7e4d2ed552da7e3b937
Static task: static1

Behavioral task: behavioral1
- Sample: 18be39daf69b6139f2e8c7e96cac0a5f.exe
- Resource: win7v20210410

Behavioral task: behavioral2
- Sample: 18be39daf69b6139f2e8c7e96cac0a5f.exe
- Resource: win10v20210410
Malware Config

Extracted: metasploit
- windows/single_exec

Extracted: raccoon
- 28198d4512d0cf31c204eddceb4471d79950b588
- url4cnc: https://tttttt.me/capibar

Extracted: cryptbot
- olmjby22.top
- mortyl02.top
- payload_url: http://vamzxy03.top/download.php?file=lv.exe

Extracted: vidar
- 39.2
- 706
- https://dimashub.tumblr.com
- profile_id: 706
Targets

- Target: 18be39daf69b6139f2e8c7e96cac0a5f.exe (3.2MB; hashes as listed under General above)
- CryptBot Payload
- Glupteba Payload
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.