asyncrat | cb6868475e1cbfc57a9dbc3dab3bc725e91fe0e942e457f63085ce21b87a3942 | Triage

Submit
Reports

Overview

overview

Static

static

cb6868475e...42.exe

windows7-x64

cb6868475e...42.exe

windows10-2004-x64

Sharing

General

Target

cb6868475e1cbfc57a9dbc3dab3bc725e91fe0e942e457f63085ce21b87a3942
Size

674KB
Sample

221201-nzv5yahb7s
MD5

41335f83156230e62b02ea6831eb6351
SHA1

b88b3b41e61c8633316b36bac395bd9d5cdec0cf
SHA256

cb6868475e1cbfc57a9dbc3dab3bc725e91fe0e942e457f63085ce21b87a3942
SHA512

cec006fe36d20970c97d90116c8a3f375c1b37bfdec45f052c739d9f19bc9c2838aa2df4b71b38f288d089b6d4eeeda3f3e5e0e9b34f0bb102666adb2da8c9ca
SSDEEP

12288:FWCLQIClF5mkXWP3dFwCy6ZnPzmPQuwB6:HQIAFQkXWP3jhLmPl06

Score

10^/10

asyncrat redline 2811 infostealer rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

cb6868475e1cbfc57a9dbc3dab3bc725e91fe0e942e457f63085ce21b87a3942.exe

Resource

win7-20220901-en

asyncrat redline 2811 infostealer rat spyware

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

cb6868475e1cbfc57a9dbc3dab3bc725e91fe0e942e457f63085ce21b87a3942.exe

Resource

win10v2004-20220812-en

asyncrat redline 2811 infostealer rat spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

2811

C2

81.161.229.143:26910

Attributes

auth_value
ef69aa35b72be83a278c5107422c9e4e

Targets

- Target
  
  cb6868475e1cbfc57a9dbc3dab3bc725e91fe0e942e457f63085ce21b87a3942
- Size
  
  674KB
- MD5
  
  41335f83156230e62b02ea6831eb6351
- SHA1
  
  b88b3b41e61c8633316b36bac395bd9d5cdec0cf
- SHA256
  
  cb6868475e1cbfc57a9dbc3dab3bc725e91fe0e942e457f63085ce21b87a3942
- SHA512
  
  cec006fe36d20970c97d90116c8a3f375c1b37bfdec45f052c739d9f19bc9c2838aa2df4b71b38f288d089b6d4eeeda3f3e5e0e9b34f0bb102666adb2da8c9ca
- SSDEEP
  
  12288:FWCLQIClF5mkXWP3dFwCy6ZnPzmPQuwB6:HQIAFQkXWP3jhLmPl06
Score

10^/10

asyncrat redline 2811 infostealer rat spyware stealer
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

asyncratredline2811infostealerratspyware

behavioral2

asyncratredline2811infostealerratspywarestealer

© 2018-2024

Terms | Privacy