General
- Target: cbd91cad2d5d3c281f2c005768b355cd0d4acd25a07ff2971265fbfa621960d5
- Size: 301KB
- Sample: 220911-tl7jpsbhf4
- MD5: b498fba4a92075d3e872582d0d95bb24
- SHA1: 5126242c449528b37556aeffe2f79f5f45d3b4f9
- SHA256: cbd91cad2d5d3c281f2c005768b355cd0d4acd25a07ff2971265fbfa621960d5
- SHA512: ee4d2dbda2b1a91b3a86143f93f062d906c1b7a198dbfc0cf949bc634384b69c707cc8891bc9ea490e0b7f777eed4643e92ba4ab9f7370bd66c838a78fd49fda
- SSDEEP: 6144:0eNKjc8qNDLYCWkp9ojiPXeZstzGQB1L5E1h9gdJ9l:0PjFqVLYCn6jKXeZstzx1L5mjgdJr

Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: cbd91cad2d5d3c281f2c005768b355cd0d4acd25a07ff2971265fbfa621960d5.exe
- Resource: win10-20220812-en

Malware Config
Extracted: raccoon
- 567d5bff28c2a18132d2f88511f07435
- http://116.203.167.5/
- http://195.201.248.58/
Extracted: redline
- 150
- 159.69.33.68:47980
- auth_value: 99958562cc59b85d8df31e69e71f985a
Targets
- NetSupport: NetSupport is a remote access tool sold as legitimate system administration software.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2