General
- Target: 5yyNVbMOOjT1pLcNXc3B1EPt.exe
- Size: 394KB
- Sample: 211016-de2f4sbfe2
- MD5: 47e59166e719f7e4641e5462be5fdc80
- SHA1: 08e9365dc59124e24c193f636b11ae8fc27c28c5
- SHA256: fe622c4801737dede008dfecf2bcf48316f0adebbc080d27a2664ee8b606415c
- SHA512: 3fd806dab8c7a673cb46d938c456f59563f61ac3506a2b5c051165f8330ac367a54db091ecc0cdaddfbfb9545af17423378e31f97e2dc10fe3f9c516ce33f40d
Static task: static1
Behavioral task: behavioral1
- Sample: 5yyNVbMOOjT1pLcNXc3B1EPt.exe
- Resource: win7-en-20210920
Behavioral task: behavioral2
- Sample: 5yyNVbMOOjT1pLcNXc3B1EPt.exe
- Resource: win10-en-20211014
Malware Config
Extracted: arkei
- Default: http://game2030.link/ggate.php
Extracted: cryptbot
- cemvua52.top
- morcih05.top
- payload_url: http://bojmyk07.top/download.php?file=lv.exe
Extracted: redline
- mix16.10
- 185.215.113.15:57055
Targets
- Target: 5yyNVbMOOjT1pLcNXc3B1EPt.exe (size and hashes identical to those listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext