General
Target: b95cb76cec0b0c88a409403518559fb3.exe
Size: 153KB
Sample: 220125-tf9rwaadfr
MD5: b95cb76cec0b0c88a409403518559fb3
SHA1: 7692607a52ada1a447913d1990628c13e22f4b04
SHA256: ba2c8fcdef3c1675e57b94c9a7b04088a68d98110cf1ddf509eae437f731b138
SHA512: 33fa4970b8d272209a39c1afe23f601f4dd146596cb28e2f830df8328ba2d4455ae801817062405148e6b5faae4773828e674740cc65bf46f37a7c5a99d4bc79
Static task: static1
Behavioral task: behavioral1
Sample: b95cb76cec0b0c88a409403518559fb3.exe
Resource: win7-en-20211208
Malware Config
Extracted (family: asyncrat)
- Version: 1.0.7
- Botnet: Default
- C2: null:null
- Mutex: DcRatMutex
- anti_vm: false
- bsod: true
- delay: 1
- install: true
- install_file: RuntimeBroker.exe
- install_folder: %AppData%
- pastebin_config: https://pastebin.com/raw/SctPUR4x
Extracted (family: redline)
- Botnet: cheat
- C2: rat3000.ddns.net:56698
Targets
Target: b95cb76cec0b0c88a409403518559fb3.exe (153KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Async RAT payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2