General

Target: VAPE CRACK.exe
Size: 7.3MB
Sample: 211023-vejdzadcgp
MD5: c884991c01d2854cd2d9b46f792207fc
SHA1: 3f1549e8aaea2119361caa588d47de42aab0dc47
SHA256: 914644da1b2f5c041a3199411b353f3c8e5b7e965399ac015bbc6c5286da7a7e
SHA512: 0fade5bc588ea78f9dc589ca2c1223ae6141e6eae3af92a7d660f5343ebfb798b6de1c6011f52061ef2a2cc29800615420dbaaa68b7fac3f10b6a0a0a6da9669
Static task: static1

Behavioral task: behavioral1
Sample: VAPE CRACK.exe
Resource: win7-en-20210920

Behavioral task: behavioral2
Sample: VAPE CRACK.exe
Resource: win10-en-20211014
Malware Config

Extracted family: redline
Botnet: @zenvolord
C2: 185.209.22.181:29234
Targets

Target: VAPE CRACK.exe (same file as under General; hashes listed there)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- suricata: ET MALWARE CerberTear Ransomware CnC Checkin (name of the Emerging Threats rule that matched the sample's network traffic)
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging)
- Suspicious use of SetThreadContext (commonly used for process injection/hollowing)
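The extracted RedLine config (C2 185.209.22.181:29234) and the behavioural signatures (Run key persistence, dropped and executed PE files) are the actionable IOCs in this report. The Python script below is an added example, not part of the report or of the sandbox's own tooling: it takes those IOCs verbatim and runs them against constructed sample data (three Zeek conn.log rows, a few Sysmon-style registry events and a small file hash inventory, all made up for the example) to show how a responder would hunt for this sample in their own telemetry. The SHA-256 is treated as the authoritative file match; MD5 and SHA-1 are kept only for cross-checking against other feeds.

```python
"""Hunt for the IOCs of sample 211023-vejdzadcgp in local telemetry (added example)."""
import hashlib
from typing import Iterable

# IOCs copied from the report above.
REPORT_HASHES = {
    "md5": "c884991c01d2854cd2d9b46f792207fc",
    "sha1": "3f1549e8aaea2119361caa588d47de42aab0dc47",
    "sha256": "914644da1b2f5c041a3199411b353f3c8e5b7e965399ac015bbc6c5286da7a7e",
}
C2_HOST, C2_PORT = "185.209.22.181", 29234


def compute_hashes(data: bytes) -> dict:
    """Hash a file's bytes with the same algorithms the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def find_known_hashes(inventory: dict) -> list:
    """Paths whose SHA-256 equals the report's sample hash (inventory: path -> sha256)."""
    return [p for p, h in inventory.items() if h.lower() == REPORT_HASHES["sha256"]]


def find_c2_connections(conn_log: str) -> list:
    """Scan Zeek conn.log rows (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, ...).

    An exact host:port match is high confidence; the same host on another port is
    still worth a look, since stealer C2 ports change between builds.
    """
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) < 7 or f[4] != C2_HOST:
            continue
        resp_p = int(f[5])
        hits.append({"uid": f[1], "src": f[2], "dst_port": resp_p,
                     "confidence": "high" if resp_p == C2_PORT else "medium"})
    return hits


RUN_KEY_MARKER = "\\software\\microsoft\\windows\\currentversion\\run\\"


def find_run_key_persistence(events: Iterable[dict]) -> list:
    """Sysmon Event ID 13 (registry value set) whose target is a per-user or machine Run key."""
    return [
        {"image": e.get("Image"), "key": e["TargetObject"], "value": e.get("Details")}
        for e in events
        if e.get("EventID") == 13 and RUN_KEY_MARKER in e.get("TargetObject", "").lower()
    ]


# Constructed sample input (not from the report): one exact C2 hit, one benign
# HTTPS flow, one flow to the C2 host on a different port.
ZEEK_CONN_SAMPLE = (
    "1634980001.123\tCa1\t10.0.0.5\t51234\t185.209.22.181\t29234\ttcp\n"
    "1634980002.456\tCa2\t10.0.0.5\t51235\t93.184.216.34\t443\ttcp\n"
    "1634980003.789\tCa3\t10.0.0.7\t51236\t185.209.22.181\t80\ttcp\n"
)
# Constructed Sysmon-style events: one Run key write by the sample, one unrelated
# registry write, one process-creation event without a TargetObject.
SYSMON_SAMPLE = [
    {"EventID": 13, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\VAPE CRACK.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": "C:\\Users\\u\\AppData\\Roaming\\Updater.exe"},
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe"},
]
# Constructed file inventory: one copy of the sample, one unrelated file.
FILE_INVENTORY_SAMPLE = {
    "C:\\Users\\u\\Downloads\\VAPE CRACK.exe": REPORT_HASHES["sha256"],
    "C:\\Users\\u\\Downloads\\setup.exe": compute_hashes(b"benign placeholder")["sha256"],
}

if __name__ == "__main__":
    for hit in find_c2_connections(ZEEK_CONN_SAMPLE):
        print("C2 traffic:", hit)
    for p in find_run_key_persistence(SYSMON_SAMPLE):
        print("Run key persistence:", p)
    for path in find_known_hashes(FILE_INVENTORY_SAMPLE):
        print("Known-bad file:", path)
```

To use this against real data, feed `find_c2_connections` the contents of a Zeek conn.log, `find_run_key_persistence` your parsed Sysmon events, and compare `compute_hashes(open(path, "rb").read())["sha256"]` with the report's SHA-256 for any suspect file; the medium-confidence port mismatch is reported separately so it can be triaged rather than silently dropped.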