General
- Target: 9d3b35dd52759c54dfe1d0b2853de31a745836acbbd30834237e24ea9f3a243d.zip
- Size: 14.9MB
- Sample: 211123-v7e71saghp
- MD5: e8a879755cf4880510bcc2afefdc6af1
- SHA1: 1669bc27bd4a0f8ffae46b1097849086c269f3e9
- SHA256: ad2a8edb56d190c0a1f70b3475fd5c850ba7f22bc756fb374fa3572cb0942e3f
- SHA512: 7730286cf0bb6f7405a9ff98c98fb0a3d54cd08057c30961237b7b4849509b972f2596dbc6206863190e3ca471a9592472de7038e6905532e5a79aef4f8d7d1d
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 9d3b35dd52759c54dfe1d0b2853de31a745836acbbd30834237e24ea9f3a243d.exe
  - Resource: win7-en-20211104
Behavioral task
- behavioral2
  - Sample: 9d3b35dd52759c54dfe1d0b2853de31a745836acbbd30834237e24ea9f3a243d.exe
  - Resource: win10-en-20211014
Malware Config
- Extracted: redline
  - user01new
  - 49.12.219.50:4846
- Extracted: socelars
  - http://www.ecgbg.com/
- Extracted: redline
  - media22test
  - 91.121.67.60:51630
- Extracted: smokeloader
  - 2020
  - http://membro.at/upload/
  - http://jeevanpunetha.com/upload/
  - http://misipu.cn/upload/
  - http://zavodooo.ru/upload/
  - http://targiko.ru/upload/
  - http://vues3d.com/upload/
- Extracted: metasploit
  - windows/single_exec
Targets
- Target: 9d3b35dd52759c54dfe1d0b2853de31a745836acbbd30834237e24ea9f3a243d
- Size: 14.9MB
- MD5: dbae02b301fffdd6665b76125e089518
- SHA1: 2aef5e1874ad5a4f1de05540d60b3851570d7101
- SHA256: 9d3b35dd52759c54dfe1d0b2853de31a745836acbbd30834237e24ea9f3a243d
- SHA512: c12ad6d1181462b5fee6d87897cf314b83e047404f5ff2ac25870aeb90698f7c1d18df41ea4e2ac4fccd0b0f4bc33020e080a9e02c017c0e02aeaf3d468da567
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Socelars Payload
- suricata: ET MALWARE GCleaner Downloader Activity M5
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
- Suspicious use of SetThreadContext