General
-
Target
9bdbe4fe72c08a175a7ecf0eb7e1b6bdbe54b29e1eeb021d06c1d75a6ccfdde5
-
Size
303KB
-
Sample
220911-vbj64abhh2
-
MD5
4e053839a856bca37eafdfe73ea60129
-
SHA1
1e493ca5ddac5f979a9ce3efd1e3c2236bf87df1
-
SHA256
9bdbe4fe72c08a175a7ecf0eb7e1b6bdbe54b29e1eeb021d06c1d75a6ccfdde5
-
SHA512
b86d6e976ab325feffa571da29988654d0bec98c361d11f5eec7ce307847399d8db8b685cef0350a1f7dc008d46337d965b994080060ec92c13339bf9d3f49ae
-
SSDEEP
6144:uIKBBL3qN/aBJf9aQ/jDRwNc7JLs0JUM03ALfliwws80m:tUjqhaBV8QrDRwNc7yvb34f8T0
Static task
static1
Behavioral task
behavioral1
Sample
9bdbe4fe72c08a175a7ecf0eb7e1b6bdbe54b29e1eeb021d06c1d75a6ccfdde5.exe
Resource
win10-20220812-en
Malware Config
Extracted
raccoon
567d5bff28c2a18132d2f88511f07435
http://116.203.167.5/
http://195.201.248.58/
Extracted
redline
150
159.69.33.68:47980
-
auth_value
99958562cc59b85d8df31e69e71f985a
Targets
-
-
Target
9bdbe4fe72c08a175a7ecf0eb7e1b6bdbe54b29e1eeb021d06c1d75a6ccfdde5
-
Size
303KB
-
MD5
4e053839a856bca37eafdfe73ea60129
-
SHA1
1e493ca5ddac5f979a9ce3efd1e3c2236bf87df1
-
SHA256
9bdbe4fe72c08a175a7ecf0eb7e1b6bdbe54b29e1eeb021d06c1d75a6ccfdde5
-
SHA512
b86d6e976ab325feffa571da29988654d0bec98c361d11f5eec7ce307847399d8db8b685cef0350a1f7dc008d46337d965b994080060ec92c13339bf9d3f49ae
-
SSDEEP
6144:uIKBBL3qN/aBJf9aQ/jDRwNc7JLs0JUM03ALfliwws80m:tUjqhaBV8QrDRwNc7yvb34f8T0
-
Detects Smokeloader packer
-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-