General
- Target: 528049736d6b6647d3cc4216902bffca9c1aed8a8d669606129a811862f38914
- Size: 145KB
- Sample: 221001-ncawgsfhe5
- MD5: da3326025a075eaba1f6b3d774efa8ad
- SHA1: 190b0825b184f64e1aaf809ecf9c38e64161ba39
- SHA256: 528049736d6b6647d3cc4216902bffca9c1aed8a8d669606129a811862f38914
- SHA512: 97b462223fca81ceeb1274b0611ce47a63cab408c715db2f505d3310f33cb889d0b9df615f066110c7e3d8a46711a60dee0175b9e15dd4a69ef2bfbd58849b96
- SSDEEP: 1536:ZOH8UxIs9UypeZR21/RIa7cqO12vT0HqZTPmMg+nXJGGSjln06Uj3jnbfxGhrs:ZOceT1/R57O12vYHeUuQpNe3jbfsh4
Static task: static1
Malware Config
Extracted: asyncrat
- 0.5.7B
- Default
- 45.154.98.214:6606
- AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Extracted: redline
- fud
- 45.15.156.7:48638
- auth_value: da2faefdcf53c9d85fcbb82d0cbf4876
Targets
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Async RAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext