Extracted

Extracted

• • Target

    48084-116-0x0000000000ED0000-0x00000000013FA000-memory.dmp

  • Size

    5.2MB

  • MD5

    9170ac4e0a5177f903c178360de91dfb

  • SHA1

    f4ca61c687fea0482a2b331b98f218b4f92d9041

  • SHA256

    f2ff7231a4988f1810539eef98fe32d896b67c3ed1b38c89149696a10c79e205

  • SHA512

    6bfcf506f1b2ebe8612c1638284e7ec60ad48f5a72cc9c225b0e7b52aff23d3bd3207bc65b0161f94680ce55e58047311245065ebc83af14c336151bca0cbafd

  Score

  10^/10

  asyncratredlineytstealerglhffevasioninfostealerratspywarestealertrojanupx

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

    ratasyncrat

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • YTStealer

    YTStealer is a malware designed to steal YouTube authentication cookies.

    stealerytstealer

  • YTStealer payload

  • Async RAT payload

    rat

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Downloads MZ/PE file

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2