General
- Target: IObit.Security.360.PRO.keygen.by.aaocg SAMPLE.zip
- Size: 6.3MB
- Sample: 210929-vgrs5afch6
- MD5: 00b1f861788bace2678f4949c14535a8
- SHA1: 02438ac6073a2631a387341c20199ec3b0744dfa
- SHA256: 9d1eb5589f8a159b62093c38ba93392b0e35896355a10b4715280eafecca42d9
- SHA512: ea044b14928737a173a6176113b54993c9d5951fc2ee4851f7215a16a3ad8f1a98379e23292bcbd7e328295988d6ab6ab1addd68b76ffae55f7e90560308c49d
Static task
- static1

Malware Config
- Extracted: azorult
  http://kvaka.li/1210776429.php
- Extracted: redline
  newbuild
  kahaduenan.xyz:80
Targets
- Target: IObit.Security.360.PRO.keygen.by.aaocg.exe
- Size: 6.4MB
- MD5: 01680f9cddf28f0977ee8b16e8925ada
- SHA1: eb756647d1c5e037d463427e487b05373e944a38
- SHA256: 14c7dee08ab80f716c12bdf7ee255d12c05ca14c36c0c4ac14bea9819abe801b
- SHA512: 94c872bde069852103b7701e0d1684366d8a4cccfd22cc3cd21c4860f71ff6b1a7c6491e5da35e188f7b67bca12bab2ef83e842bcf672c5e843a469d22d81594

- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext