General
Target: 52B69CCF22EC2B5084FEE8F4EC9188ED.exe
Size: 4.7MB
Sample: 210905-pxdcsahfb6
MD5: 52b69ccf22ec2b5084fee8f4ec9188ed
SHA1: a5dc3c46688bac249e0da29b1b2da8640039d108
SHA256: 3542020f73e24ff693b50a375bbd366e6b6ca4cd4fd93bd15403e4cc70d91756
SHA512: 1732ea60b4729e1440c585d7b7156db6c49f0c88e0c3de6257e21550a3abb9ea5b5744886ec60ba9fe7b25f395d67867e68b730bf8ffee4e859eb61211788d65
Static task: static1
Behavioral task: behavioral1
  Sample: 52B69CCF22EC2B5084FEE8F4EC9188ED.exe
  Resource: win7-en
Behavioral task: behavioral2
  Sample: 52B69CCF22EC2B5084FEE8F4EC9188ED.exe
  Resource: win10v20210408
Malware Config
Extracted: redline
  pab777
  185.215.113.15:6043
Extracted: vidar
  40.3
  706
  https://lenko349.tumblr.com/
  profile_id: 706
Extracted: vidar
  40.4
  937
  https://romkaxarit.tumblr.com/
  profile_id: 937
Extracted: raccoon
  b8ef25fa9e346b7a31e4b6ff160623dd5fed2474
  url4cnc: https://telete.in/iphbarberleo
Targets
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- VKeylogger Payload
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.