General
-
Target
b093aaef126ed498ce1312a782794d1796b3ec334c18c71aa34f0f26cef148eb
-
Size
657KB
-
Sample
220524-z31elscbhk
-
MD5
6b92f239cfb02c043c8e97bbffc806d1
-
SHA1
1d09bd8954c9dec8002711813d897d3e9776182b
-
SHA256
b093aaef126ed498ce1312a782794d1796b3ec334c18c71aa34f0f26cef148eb
-
SHA512
4ecb22d3c233451312b74c2216abd506fc5a5a24ea66d18329f2f564bbc8124e16007ea090d400cd287f28cc5753cc8f4746042bc7d20f3d18217696bc0444a4
Malware Config
Extracted
redline
roddy
marioruntime.top:80
Targets
-
-
Target
b093aaef126ed498ce1312a782794d1796b3ec334c18c71aa34f0f26cef148eb
-
Size
657KB
-
MD5
6b92f239cfb02c043c8e97bbffc806d1
-
SHA1
1d09bd8954c9dec8002711813d897d3e9776182b
-
SHA256
b093aaef126ed498ce1312a782794d1796b3ec334c18c71aa34f0f26cef148eb
-
SHA512
4ecb22d3c233451312b74c2216abd506fc5a5a24ea66d18329f2f564bbc8124e16007ea090d400cd287f28cc5753cc8f4746042bc7d20f3d18217696bc0444a4
Score10/10-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
CoreCCC Packer
Detects CoreCCC packer used to load .NET malware.
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Suspicious use of SetThreadContext
-