Overview

Analysis tasks and scores
Static: 10/10
1214e5f9de...98.exe on windows7_x64: 10/10
1214e5f9de...98.exe on windows10_x64: 10/10
236020bb91...f6.exe on windows7_x64: 7/10
236020bb91...f6.exe on windows10_x64: 10/10
25dc70a3de...60.exe on windows7_x64: 10/10
25dc70a3de...60.exe on windows10_x64: 10/10
54de718b63...d9.exe on windows7_x64: 10/10
54de718b63...d9.exe on windows10_x64: 1/10
7ae9504811...a4.exe on windows7_x64: 1/10
7ae9504811...a4.exe on windows10_x64: 10/10
9c2554e79b...a0.exe on windows7_x64: 10/10
9c2554e79b...a0.exe on windows10_x64: 10/10
a568f22004...3b.exe on windows7_x64: 10/10
a568f22004...3b.exe on windows10_x64: 8/10
aefd0c7794...37.exe on windows7_x64: 8/10
aefd0c7794...37.exe on windows10_x64: 10/10
d68b4d6cec...27.exe on windows7_x64: 10/10
d68b4d6cec...27.exe on windows10_x64: 10/10
General
Score: 10/10
Target: 1.zip
Size: 20.8MB
Sample: 210708-bakvbc7rn2
MD5: 36b2834c2743039c4df1ce9346886c13
SHA1: 1ee1736c4e2aae820b4d6cd80e43fea0ed6eadc6
SHA256: 4a8e933462209a204f87c02e41e88e99541ccb85964a22d9762f443cf19af409
SHA512: 43dc749e7002f1ba08b7066e737523a8eaf69365eb148946d6f317234a2eff010307b4210d744a23a7d8641b72ba31fe8735dfcd6d0421537c8ba1293389cd73
Behavioral tasks
behavioral1: 1214e5f9dec9e4c94ccf93c4495788c8314f396ce74dbb5c15cd372411ceed98.exe (resource win7v20210408)
behavioral2: 1214e5f9dec9e4c94ccf93c4495788c8314f396ce74dbb5c15cd372411ceed98.exe (resource win10v20210410)
behavioral3: 236020bb910e3cfd1e03bff5722204be40c0739fb6d2954b35c8b02185e37ef6.exe (resource win7v20210408)
behavioral4: 236020bb910e3cfd1e03bff5722204be40c0739fb6d2954b35c8b02185e37ef6.exe (resource win10v20210410)
behavioral5: 25dc70a3def65cca61f30ad3a818edbf0dcebbf8257a302212fd7424cc7e8560.exe (resource win7v20210410)
behavioral6: 25dc70a3def65cca61f30ad3a818edbf0dcebbf8257a302212fd7424cc7e8560.exe (resource win10v20210408)
behavioral7: 54de718b634d2dbddaf2530aa3b1768823dfdd97f5a2782b4131fe369e903dd9.exe (resource win7v20210410)
behavioral8: 54de718b634d2dbddaf2530aa3b1768823dfdd97f5a2782b4131fe369e903dd9.exe (resource win10v20210408)
behavioral9: 7ae95048117dcae6685b6d3206a013fc3e76631d0d4cb58a95f065d79c6cc8a4.exe (resource win7v20210410)
behavioral10: 7ae95048117dcae6685b6d3206a013fc3e76631d0d4cb58a95f065d79c6cc8a4.exe (resource win10v20210408)
behavioral11: 9c2554e79b717eca531348c6e0430944ab7288bc46a8d56e2e49898c4b0e59a0.exe (resource win7v20210410)
behavioral12: 9c2554e79b717eca531348c6e0430944ab7288bc46a8d56e2e49898c4b0e59a0.exe (resource win10v20210410)
behavioral13: a568f22004828c8dc2e3e31c3a8f49a89b164e1eb268f57c93430b20368cfe3b.exe (resource win7v20210408)
behavioral14: a568f22004828c8dc2e3e31c3a8f49a89b164e1eb268f57c93430b20368cfe3b.exe (resource win10v20210410)
behavioral15: aefd0c77949ccb2192070d1fb122cad87c1fc3e3c841b1928e3763fadf286337.exe (resource win7v20210408)
behavioral16: aefd0c77949ccb2192070d1fb122cad87c1fc3e3c841b1928e3763fadf286337.exe (resource win10v20210410)
behavioral17: d68b4d6cec032458824abdf3ac6f379f33db2167cb0c399845f4d7735a426827.exe (resource win7v20210408)
Malware Config

Extracted: asyncrat 0.5.6A, 95.169.210.148:6666, bavaulifmjawicwh
- aes_key: l6KJQkyiHsJtyKPS6LFzkS17gqJqr3T8
- anti_detection: false
- autorun: false
- bdos: false
- delay:
- host: 95.169.210.148
- hwid: 5
- install_file:
- install_folder: %AppData%
- mutex: bavaulifmjawicwh
- pastebin_config: null
- port: 6666
- version: 0.5.6A

Extracted: redline @Seno_47, 45.81.227.32:22625

Extracted: redline @Fanat_022, 152.228.150.198:11188

Extracted: metasploit windows/single_exec

Extracted: redline Sergey, 185.203.243.131:27365
Targets

Target: 1214e5f9dec9e4c94ccf93c4495788c8314f396ce74dbb5c15cd372411ceed98
Size: 1.0MB
MD5: 0d52c34732339d12e58c62cdcbcd2241
SHA1: b00a95fe388a69d375b4e370fa5112dda61c2ede
SHA256: 1214e5f9dec9e4c94ccf93c4495788c8314f396ce74dbb5c15cd372411ceed98
SHA512: 4da5f2b48663a183cc46799c02179bd5bc84a71993387742984a5c76ca92d4c7aec60d25efe758636a1a006ba8a4032a6e7763c48e9515801db8be6a98d6a3de
Signatures:
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.

Target: 236020bb910e3cfd1e03bff5722204be40c0739fb6d2954b35c8b02185e37ef6
Size: 541KB
MD5: 616b97038b6328ae6e45a08077df4a7a
SHA1: 11473c1f0515f06579e7704dc036bbc620c7510a
SHA256: 236020bb910e3cfd1e03bff5722204be40c0739fb6d2954b35c8b02185e37ef6
SHA512: 4730733b4be691840fa1905fc4bfeeeba7ebb06e10d24cfe78a285a3e518a2f2ba31bbc378cda68edf4311df322fd137ed1f65d4b844737e9f0df547506c04e0
Score: 10/10
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.

Target: 25dc70a3def65cca61f30ad3a818edbf0dcebbf8257a302212fd7424cc7e8560
Size: 405KB
MD5: bf2e00fc28e5f89ec6b3b457a5a245fb
SHA1: d42962e2e987c4cd8201badf832f3368afb09d24
SHA256: 25dc70a3def65cca61f30ad3a818edbf0dcebbf8257a302212fd7424cc7e8560
SHA512: e1f61fec329fab9f0bd997e7b34945e156475a53531c30630a03c550e60c029627e5697c5efb6a0a81b2bc23e178264aabfb26c8b68153d7107d367035730b2a
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext

Target: 54de718b634d2dbddaf2530aa3b1768823dfdd97f5a2782b4131fe369e903dd9
Size: 15.7MB
MD5: 79339229bc0c59d7b5abba71d1c96a8e
SHA1: 4c7c22308821a08edeacebe691da49249384de9d
SHA256: 54de718b634d2dbddaf2530aa3b1768823dfdd97f5a2782b4131fe369e903dd9
SHA512: a173e48fb0cb08705e56468ffc0a6845b03b261e98d282815eebdf77f482064a9c89f84ada89ef3aa994d0727db34629ff51e021bbcf8abd6fac5354ce295af2
Score: 1/10

Target: 7ae95048117dcae6685b6d3206a013fc3e76631d0d4cb58a95f065d79c6cc8a4
Size: 4.5MB
MD5: dde0965428c655c1fabbcba5a44e7830
SHA1: b5118f55982bf9784bb34a3f0af738f7d409a5ff
SHA256: 7ae95048117dcae6685b6d3206a013fc3e76631d0d4cb58a95f065d79c6cc8a4
SHA512: f6b83ff23e0e7102a69bf43e723f312acb0bbf95e04d7386513cc2c5b2f9e160f0f38b179688702675ecb7c4a0782fad1f007f3db59c2104aa08a7cdcc6b2e13
Signatures:
- Glupteba Payload
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of NtCreateUserProcessOtherParentProcess

Target: 9c2554e79b717eca531348c6e0430944ab7288bc46a8d56e2e49898c4b0e59a0
Size: 359KB
MD5: f476fd152a5d6a53f297517f9ffca28e
SHA1: a0bc4cb4763de9f540fca4f97835522620087e17
SHA256: 9c2554e79b717eca531348c6e0430944ab7288bc46a8d56e2e49898c4b0e59a0
SHA512: 56f683733356faa4be86883e3248ab70884c645e61dedc7ceba64eefa4813b2fda04d102e7b8c5794093f2c5918049900da987b2e235764e4ea87e78224003dc
Score: 10/10
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of SetThreadContext

Target: a568f22004828c8dc2e3e31c3a8f49a89b164e1eb268f57c93430b20368cfe3b
Size: 83KB
MD5: 4ed7de390496be3ec2ea7fdb3804282a
SHA1: 2c919d469853fac9a7719f59407b395e8e360a49
SHA256: a568f22004828c8dc2e3e31c3a8f49a89b164e1eb268f57c93430b20368cfe3b
SHA512: 5716a8d9d86f9b1f1ad53f3fca96b5622b83ede56d370edc309a503263ad52b542b29e5d74810aed013e9f2e00b77b8c54d81aa0b43c77bfdf5bc7227251bd86
Score: 8/10
Signatures:
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL

Target: aefd0c77949ccb2192070d1fb122cad87c1fc3e3c841b1928e3763fadf286337
Size: 206KB
MD5: 70c771952bc897446d3ddad90541a1e6
SHA1: b00b50a893e4552651c4a5c38cf4bb9aed7a101e
SHA256: aefd0c77949ccb2192070d1fb122cad87c1fc3e3c841b1928e3763fadf286337
SHA512: 33d402397289c1a828079dfdaaf3966c4b9720ffb070eeba0d5c23f4a3c6c448e4a3fd3cba2f82c712252ce03d726daabd2c66e97f950a122ffb3d5799bae56d
Score: 10/10
Signatures:
- Modifies visibility of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory

Target: d68b4d6cec032458824abdf3ac6f379f33db2167cb0c399845f4d7735a426827
Size: 48KB
MD5: 13ed5f6560bb91d089f56bd4ca015ff0
SHA1: f43cd2a78815c1ca4091207a8f36cc68398550bf
SHA256: d68b4d6cec032458824abdf3ac6f379f33db2167cb0c399845f4d7735a426827
SHA512: 5d6adf163ca3e18691fc0b34ce1b8277a540e93cb387ae7813bc1dbc84d2c75ca8ff462e67083c08ae4f3cdfdfb1f2671cdd30738f6bbf824b2a93bda7043ad2