General
Target: 1_KpCGvNj.exe
Size: 250KB
Sample: 220411-dew7dsgadk
MD5: 2f84afead84a3699cb870693b05c308c
SHA1: f7a22058ca233ad6685af822a209598b6413b5d7
SHA256: 8eaf681b745ba342b3c952210ea78b6db1cf699954021ece171f71dbd9f8ac43
SHA512: fb0f7aa35c5e6820d347aae549e7e77052e7c1173f4d1c65d1aca9a4a53463b6a2fdf25da1b58a638d73f30ffbaaf60c7f7120e024548c8b099e769465c5a247
Static task: static1
Behavioral task: behavioral1
Sample: 1_KpCGvNj.exe
Resource: win7-20220311-en
Behavioral task: behavioral2
Sample: 1_KpCGvNj.exe
Resource: win10v2004-20220331-en
Malware Config
Extracted: redline
111
188.68.205.12:20861
auth_value: 7160caade6584e8f8e67bbb8a6565985
Targets
Target: 1_KpCGvNj.exe (size and hashes identical to those listed under General above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE CerberTear Ransomware CnC Checkin
- LoaderBot executable
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.