General

- Target: ce23492949ee720fc6d508e892fc7989ede3b3c89c7227e1e1735155c2735607
- Size: 144KB
- Sample: 221001-pjfwragad3
- MD5: 3601d4384b2490d9d92bf66badcdd6b8
- SHA1: 14d9a33e4da6f7e1aca41bf7de5525230c26c7aa
- SHA256: ce23492949ee720fc6d508e892fc7989ede3b3c89c7227e1e1735155c2735607
- SHA512: 33f7a0bc00a418290226984cf91adb80d3d4850dff89b8582a670c476fe65cc5879d84d473feea452d319f10304e9b20bfed2f6d85bdb5ad9552451fcf6cdcba
- SSDEEP: 3072:xntcyrZRhq/ndCy1mhoIV4C/3Lo/9x/5IZu:syMnEy1vIVd/3Az/KZu
- Static task: static1
- Behavioral task: behavioral1
- Sample: ce23492949ee720fc6d508e892fc7989ede3b3c89c7227e1e1735155c2735607.exe
- Resource: win10v2004-20220901-en
Malware Config

Extracted: asyncrat
- Version: 0.5.7B
- Botnet: Default
- C2: 45.154.98.214:6606
- Mutex: AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%

Extracted: redline
- Botnet: 1
- C2: 93.159.221.122:8387

Extracted: redline
- Botnet: fud
- C2: 45.15.156.7:48638
- auth_value: da2faefdcf53c9d85fcbb82d0cbf4876
Targets

- Target: ce23492949ee720fc6d508e892fc7989ede3b3c89c7227e1e1735155c2735607
- Chaos Ransomware
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Async RAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext