General
- Target: a92393ed590a3d90bf8ec8f1dfa4433f.exe
- Size: 149KB
- Sample: 220121-pc6tlahcfr
- MD5: a92393ed590a3d90bf8ec8f1dfa4433f
- SHA1: f345aa40fe883cf3eee8626d43542e815a4aacf7
- SHA256: d0fef87fd7e5a7214773deef4c445970147c88d5335867b552f9d4d22ef0231b
- SHA512: 268a682ed1d647c8b5ff8ca3e3b4ad3fdbc99a945726913e4a24295fc02d33cbb3a93e225250ce86d9bde328f9acb18a69671967c2c451f144456764ed8fe996
Static task: static1

Behavioral task: behavioral1
- Sample: a92393ed590a3d90bf8ec8f1dfa4433f.exe
- Resource: win7-en-20211208

Behavioral task: behavioral2
- Sample: a92393ed590a3d90bf8ec8f1dfa4433f.exe
- Resource: win10-en-20211208
Malware Config

Extracted: asyncrat
- 1.0.7
- crax.pro
- 137.117.100.173:443
- DEV1LMTXR
- anti_vm: false
- bsod: true
- delay: 1
- install: false
- install_file: RuntimeBroker.exe
- install_folder: %Temp%
- pastebin_config: null

Extracted: redline
- @zerosumOxO
- 137.117.100.173:36513
Targets
- Target: a92393ed590a3d90bf8ec8f1dfa4433f.exe
- Size: 149KB
- MD5: a92393ed590a3d90bf8ec8f1dfa4433f
- SHA1: f345aa40fe883cf3eee8626d43542e815a4aacf7
- SHA256: d0fef87fd7e5a7214773deef4c445970147c88d5335867b552f9d4d22ef0231b
- SHA512: 268a682ed1d647c8b5ff8ca3e3b4ad3fdbc99a945726913e4a24295fc02d33cbb3a93e225250ce86d9bde328f9acb18a69671967c2c451f144456764ed8fe996

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Async RAT payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.