General
- Target: SecuriteInfo.com.W32.AIDetectNet.01.7624.22952
- Size: 1.0MB
- Sample: 220808-d3mb4acebq
- MD5: a80a2a5f4aaee7c7df7f01ca7a919080
- SHA1: 17dc830d904c56709e910c193be53927b2783516
- SHA256: 817eb88f299a32c9937d45886b978c2fcee619c756d4daf33af39604432064f0
- SHA512: ff5f2808d8252a707c8e7b11a67290d0dac0a6e2d45a717c02384a6240b74e4910bc8497349589c1813122f0c8e49b49dc8a9653b1e9d06b8c970e46aa81e751
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.W32.AIDetectNet.01.7624.exe
- Resource: win7-20220718-en
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.W32.AIDetectNet.01.7624.exe
- Resource: win10v2004-20220721-en
Malware Config
- Extracted: warzonerat
  76.8.53.133:1198
- Extracted: redline
  IYKE
  76.8.53.133:30308
Targets
- Target: SecuriteInfo.com.W32.AIDetectNet.01.7624.22952
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext