General
- Target: 4fcbc17fc12ecf413b664e52177e48ea66e0e25581f144b4d1c4cac51c8346cf
- Size: 1.4MB
- Sample: 221207-sbmk4sad21
- MD5: ff8b52645b3eb0b891935435db2621a2
- SHA1: 78b2977d5be3ec42af6cd29485acdd347395fc9f
- SHA256: 4fcbc17fc12ecf413b664e52177e48ea66e0e25581f144b4d1c4cac51c8346cf
- SHA512: 8c822285f60c1d54631692f033c4741e2eae02207b834c3432b5a2cec2bc3edaca73b9a4061559099e9cbb29845fb659705b5490e2eb6444adcdd733305fc08c
- SSDEEP: 24576:cx0M2zdGz97lh4eb1DXNJ4X6Pi3hlIT6mN1+vjCFHnbfG:cZ1pDXzi3h66mN1+rSbf
- Static task: static1
- Behavioral task: behavioral1
- Sample: 4fcbc17fc12ecf413b664e52177e48ea66e0e25581f144b4d1c4cac51c8346cf.exe
- Resource: win10-20220812-en
Malware Config
Extracted
- vidar
- 56.1
- 1569
- https://t.me/dishasta
- https://steamcommunity.com/profiles/76561199441933804
- profile_id: 1569
Targets
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as a MaaS.
- .NET Reactor protector: Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Warzone RAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext