General
Target: AutoInstall.exe
Size: 1.8MB
Sample: 220415-hs782adef5
MD5: d22dea0339065ec05cccf525b72a7b12
SHA1: fb73af59c4498f28ffd714d467551ec465b77d7d
SHA256: 92cf7bd32bc8125a758cafd97fc06559994b57ed94f641f74f2da07de284aff3
SHA512: 9b947179aac2233f83e24f5892aeeba2aa2240f5bf32d323395e712ae02844b04e56abbea16e6e7c34559b7a4ad5ab53a9049bf6eb2a31cbcb59be180dfde573
Static task: static1
Behavioral task: behavioral1
  Sample: AutoInstall.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: AutoInstall.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: redline
  @SDSAads2
  104.168.44.52:80
  auth_value: 589d0e9314616e09f68efd12b2086ab8
Targets
Target: AutoInstall.exe
- Meta Stealer: Meta Stealer steals passwords stored in browsers, written in C++.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext