General
-
Target
5ae748c103a50cdd6d338506a153caa6.exe
-
Size
268KB
-
Sample
220124-zd5yssaag8
-
MD5
5ae748c103a50cdd6d338506a153caa6
-
SHA1
cfc4f248b309c6e8ac5b8031a2a4d614a48c5ea7
-
SHA256
870a4cfc58c388361c8834701aa8112a0de4155305e92aedc66e0384813d3439
-
SHA512
b7a354d56a07aede8eef9357985545c3a576a788fb6b6c11b88401ea9f81d3f5637ca63cc399f6096a96d4c73425d9e7787fa63d7b51cb72424b5d565bec5682
Behavioral task
behavioral1
Sample
5ae748c103a50cdd6d338506a153caa6.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
5ae748c103a50cdd6d338506a153caa6.exe
Resource
win10-en-20211208
Malware Config
Extracted
asyncrat
1.0.7
Default
null:null
DcRatMutex
-
anti_vm
false
-
bsod
false
-
delay
1
-
install
true
-
install_file
RuntimeBroker.exe
-
install_folder
%AppData%
-
pastebin_config
https://pastebin.com/raw/SctPUR4x
Extracted
redline
cheat
rat3000.ddns.net:56698
Extracted
redline
@xbaxissxx
137.117.100.173:36513
Targets
-
-
Target
5ae748c103a50cdd6d338506a153caa6.exe
-
Size
268KB
-
MD5
5ae748c103a50cdd6d338506a153caa6
-
SHA1
cfc4f248b309c6e8ac5b8031a2a4d614a48c5ea7
-
SHA256
870a4cfc58c388361c8834701aa8112a0de4155305e92aedc66e0384813d3439
-
SHA512
b7a354d56a07aede8eef9357985545c3a576a788fb6b6c11b88401ea9f81d3f5637ca63cc399f6096a96d4c73425d9e7787fa63d7b51cb72424b5d565bec5682
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Async RAT payload
-
XMRig Miner Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-