General
Target: c2c6e13f08cd8b5bf721576ca1372b72cdf0c33d8aafac2e529f3aa3c73a6a80
Size: 3.2MB
Sample: 221213-2qhp5sbd5t
MD5: c3e6ed24af33b5ea3f971939749cb6a1
SHA1: b0f6eb6d427ca251790dc74d2f82d6943d0376a0
SHA256: c2c6e13f08cd8b5bf721576ca1372b72cdf0c33d8aafac2e529f3aa3c73a6a80
SHA512: 79eff14ee676eb2f3d0f6274ed246177a2015c6beff2b6924bf48914ef022b83ccaa8cc0804da77d714615aed7aeb869ae3b35b21cc76f73ed4e7cb3df7d5a54
SSDEEP: 98304:kr9uY//nZ+dvt9bOqDzKHVBEu4SsJnFQyluV3knhfq6pO:o9//Z+dv/OM21CrSrVYq6pO
Static task: static1
Behavioral task: behavioral1
  Sample: c2c6e13f08cd8b5bf721576ca1372b72cdf0c33d8aafac2e529f3aa3c73a6a80.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: c2c6e13f08cd8b5bf721576ca1372b72cdf0c33d8aafac2e529f3aa3c73a6a80.exe
  Resource: win10-20220901-en
Malware Config
Extracted
Family: redline
Botnet: 2
C2: 94.158.244.106:42091
auth_value: 97b1012a1f2da1b5d673765c85a9d94c
Targets
Target: c2c6e13f08cd8b5bf721576ca1372b72cdf0c33d8aafac2e529f3aa3c73a6a80
Score: 10/10
- NetSupport: NetSupport is a remote access tool sold as legitimate system administration software.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext