General
Target: ReboundMenu_V4.15.3.exe
Size: 1.7MB
Sample: 220415-hzekasdha3
MD5: 11bee17705209c6aa6789c93d3789eaa
SHA1: 93098eab6c80fbd80d538385d1fafc5dd20500b2
SHA256: 484525c831d15dfb80c4355a6995f331a15e3a3bdeea43746e5d4000a16b27e6
SHA512: b0bedfb38d641d0667dd14161f36bd3a16b80dbd54be9840cad88d04d97385334cd112176456f923b5e443d13b43227f5229a7ade644c1048ec704eb71de2fd2
Static task: static1
Behavioral task: behavioral1
  Sample: ReboundMenu_V4.15.3.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ReboundMenu_V4.15.3.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: redline
  185.186.142.127:6737
  auth_value: 69a1f5b6b455ba880252fbfe1168b351
Targets
Target: ReboundMenu_V4.15.3.exe
Size: 1.7MB
MD5: 11bee17705209c6aa6789c93d3789eaa
SHA1: 93098eab6c80fbd80d538385d1fafc5dd20500b2
SHA256: 484525c831d15dfb80c4355a6995f331a15e3a3bdeea43746e5d4000a16b27e6
SHA512: b0bedfb38d641d0667dd14161f36bd3a16b80dbd54be9840cad88d04d97385334cd112176456f923b5e443d13b43227f5229a7ade644c1048ec704eb71de2fd2
- Meta Stealer
  Meta Stealer steals passwords stored in browsers, written in C++.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext