General
-
Target
e326c7b1573790be0681dcdc109e15a3.exe
-
Size
68KB
-
Sample
220129-r21pzscga3
-
MD5
e326c7b1573790be0681dcdc109e15a3
-
SHA1
0c18ee8bce065b42ff09b034c7e92e6019d66dfd
-
SHA256
6acd5eb47c8c0bd86c1f04947074656f1e77a48dc4f5d2b02b487b4942dfe6c9
-
SHA512
305d175e5da5df650b956d433f31d8c9fc0a62430e79b048cdf530c9223928d5d693432e5a08508ecbe007b0294927c2a9b0418929de73372c7e3c8af4880dfe
Behavioral task
behavioral1
Sample
e326c7b1573790be0681dcdc109e15a3.exe
Resource
win7-en-20211208
Malware Config
Extracted
asyncrat
1.0.7
Default
null:null
DcRatMutex
-
anti_vm
false
-
bsod
false
-
delay
1
-
install
true
-
install_file
RuntimeBroker.exe
-
install_folder
%AppData%
-
pastebin_config
https://pastebin.com/raw/SctPUR4x
Extracted
redline
OpaIkrito
xbaxis.ddns.net:45562
Targets
-
-
Target
e326c7b1573790be0681dcdc109e15a3.exe
-
Size
68KB
-
MD5
e326c7b1573790be0681dcdc109e15a3
-
SHA1
0c18ee8bce065b42ff09b034c7e92e6019d66dfd
-
SHA256
6acd5eb47c8c0bd86c1f04947074656f1e77a48dc4f5d2b02b487b4942dfe6c9
-
SHA512
305d175e5da5df650b956d433f31d8c9fc0a62430e79b048cdf530c9223928d5d693432e5a08508ecbe007b0294927c2a9b0418929de73372c7e3c8af4880dfe
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Async RAT payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-