General

Target: 62794bcc1fbf656453f96fa3c7d3db019963a805fa223bc4d2f8427d1294d50c
Size: 171KB
Sample: 221105-l2kqwahchm
MD5: e5ba3869cadaeb82206a96d4749f1998
SHA1: da714b64cb8ec12aa35b27c2f179cabd2ffa3335
SHA256: 62794bcc1fbf656453f96fa3c7d3db019963a805fa223bc4d2f8427d1294d50c
SHA512: 9248dbcddd6817f045d2778eea753828175881891b231bef5ade9d22400fb4213ab7643bdc303f06685aafd48562ce722dd29e806cb12165c25ae1e87ed5dcd8
SSDEEP: 3072:OgLaeRDcpY9KvuYF8LrN2hQSb7bEot4dfhQ+ibgTF6kD21qF2Gz:Oiao9KvuDLp2hGPCRb4FR
Static task: static1
Behavioral task: behavioral1
Sample: 62794bcc1fbf656453f96fa3c7d3db019963a805fa223bc4d2f8427d1294d50c.exe
Resource: win10-20220812-en
Malware Config

Extracted
Family: asyncrat
Version: 1.0.7
WindowsDefenderSmarttScreen
217.64.31.3:9742
WindowsDefenderSmarttScreen
delay: 1
install: false
install_file: WindowsDefenderSmarttScreen.exe
install_folder: %AppData%

Extracted
Family: asyncrat
Version: 0.5.7B
SecurityHealthServic
20.8.122.174:31682
SecurityHealthServic
delay: 3
install: false
install_file: SecurityHealthService
install_folder: %AppData%

Extracted
Family: asyncrat
Version: 0.5.7B
System Guard Runtime
85.105.88.221:2531
System Guard Runtime
delay: 3
install: false
install_file: System Guard Runtime
install_folder: %AppData%

Extracted
Family: asyncrat
Version: 1.0.7
SmartScreenDefender
20.166.62.124:49264
SmartScreenDefender
delay: 1
install: false
install_file: SmartScreenDefender
install_folder: %AppData%

Extracted
Family: redline
muck
20.126.112.157:16733

Extracted
Family: asyncrat
Version: 0.5.7B
DefenderSmartScren
217.64.31.3:8437
DefenderSmartScren
delay: 3
install: false
install_file: SecurityHealtheurvice.exe
install_folder: %AppData%
Targets

Target: 62794bcc1fbf656453f96fa3c7d3db019963a805fa223bc4d2f8427d1294d50c
Size: 171KB
MD5: e5ba3869cadaeb82206a96d4749f1998
SHA1: da714b64cb8ec12aa35b27c2f179cabd2ffa3335
SHA256: 62794bcc1fbf656453f96fa3c7d3db019963a805fa223bc4d2f8427d1294d50c
SHA512: 9248dbcddd6817f045d2778eea753828175881891b231bef5ade9d22400fb4213ab7643bdc303f06685aafd48562ce722dd29e806cb12165c25ae1e87ed5dcd8
SSDEEP: 3072:OgLaeRDcpY9KvuYF8LrN2hQSb7bEot4dfhQ+ibgTF6kD21qF2Gz:Oiao9KvuDLp2hGPCRb4FR

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Async RAT payload
Executes dropped EXE
Suspicious use of SetThreadContext