General
Target: modest-menu.exe
Size: 976KB
Sample: 211209-ghwa2scbgq
MD5: 65403678d1e87fdd20d21cfb63df77af
SHA1: afd03603aea6c7f6926f172d765e3a365d13cab0
SHA256: 929db0e985f1291fb22f468e965c5325339504067702698354594d19e42f5f19
SHA512: fe63ca450954944cf3ade622d416398ab1a173a5bf30723aa1e7a0db187e9859101bb164e8c27f84d00e63a38687562f7e1a04261e34b36922e6cd2f67edc877
Static task: static1
Behavioral task: behavioral1
Sample: modest-menu.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: modest-menu.exe
Resource: win10-en-20211208
Malware Config
Extracted: redline
@baseljk (2066890620) [Ставка]
91.243.32.56:14420
Targets
Target: modest-menu.exe
Size: 976KB
MD5: 65403678d1e87fdd20d21cfb63df77af
SHA1: afd03603aea6c7f6926f172d765e3a365d13cab0
SHA256: 929db0e985f1291fb22f468e965c5325339504067702698354594d19e42f5f19
SHA512: fe63ca450954944cf3ade622d416398ab1a173a5bf30723aa1e7a0db187e9859101bb164e8c27f84d00e63a38687562f7e1a04261e34b36922e6cd2f67edc877
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE CerberTear Ransomware CnC Checkin
- LoaderBot executable
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.