General
-
Target
6d717fe6e6123691c7d9ffee92625c2f.exe
-
Size
47KB
-
Sample
221202-bsz44aac26
-
MD5
6d717fe6e6123691c7d9ffee92625c2f
-
SHA1
ac8e4b99c2398a48884805255f2fa90daf0dff3c
-
SHA256
39ae1a73d9326d866c0ea79742243790ed3aeeceac161f1a23f7b0c7b84b4570
-
SHA512
2b1d1ef8cc59b9916ccea5712609117d99576d59d3376bfe187eca473f988c0c76bc16dfff75d0e936af769963e13135f2f5f45ae7d4b62c619ffb88d20afdf8
-
SSDEEP
768:R/IO5VILWCyh+DiWtelDSN+iV08YbygejovEgK/J/ZVc6KN:R/PNWtKDs4zb1BnkJ/ZVclN
Behavioral task
behavioral1
Sample
6d717fe6e6123691c7d9ffee92625c2f.exe
Resource
win7-20220812-en
Malware Config
Extracted
asyncrat
1.0.7
Default
193.233.48.17:8848
dfas9asdf8as8z
-
delay
1
-
install
false
-
install_folder
%AppData%
Extracted
redline
test
193.233.48.17:9832
Targets
-
-
Target
6d717fe6e6123691c7d9ffee92625c2f.exe
-
Size
47KB
-
MD5
6d717fe6e6123691c7d9ffee92625c2f
-
SHA1
ac8e4b99c2398a48884805255f2fa90daf0dff3c
-
SHA256
39ae1a73d9326d866c0ea79742243790ed3aeeceac161f1a23f7b0c7b84b4570
-
SHA512
2b1d1ef8cc59b9916ccea5712609117d99576d59d3376bfe187eca473f988c0c76bc16dfff75d0e936af769963e13135f2f5f45ae7d4b62c619ffb88d20afdf8
-
SSDEEP
768:R/IO5VILWCyh+DiWtelDSN+iV08YbygejovEgK/J/ZVc6KN:R/PNWtKDs4zb1BnkJ/ZVclN
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Async RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-