General
Target: B10274561191CEDB0B16D2A69FDCD4E5062EDFE262184.exe
Size: 3.6MB
Sample: 211126-txhpqaddgr
MD5: 19008dabdac3c666e9006648027c4754
SHA1: 6a054be41ac9a5badab8d38552b8703c12b33cca
SHA256: b10274561191cedb0b16d2a69fdcd4e5062edfe2621842eacd55945ffded3f57
SHA512: 83ff9b3b897055039061abcf65f46cfb2dbe8c418c4f959a2727f49035a361f541a1e2f511463cbd7449d0cb4828b6ae66290e1a6ed917d1b0d408d4bd90450b
Static task: static1
Behavioral task: behavioral1
Sample: B10274561191CEDB0B16D2A69FDCD4E5062EDFE262184.exe
Resource: win7-en-20211014
Malware Config
Extracted: vidar
- 40.2
- 706
- https://kipriauka.tumblr.com/
- profile_id: 706
Extracted: redline
- pab777
- 185.215.113.15:6043
Extracted: socelars
- http://www.ecgbg.com/
Targets
Target: B10274561191CEDB0B16D2A69FDCD4E5062EDFE262184.exe
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Socelars Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.