General
-
Target
64c8961580c51d91243226dac1d4b95a4bc9a47f580acadfaa291c3ae1b7e14a
-
Size
213KB
-
Sample
221229-3rallahg4s
-
MD5
88ffdecb0ac10bb4d781e5ca059ef0eb
-
SHA1
37799f59086508a5d69dddc4173276bd37ac607f
-
SHA256
48477731c540605dad84300f6f93ad90531d87ada89cad74f064b36bcd89828e
-
SHA512
6be29bd110f5a8c67a1c78dc2378c08fbe128035fab530eca488b818492d7d8eb4cf7eaedfb41327f401f0a8a37bbe327bc8da67b9c6eaaed568888c7ab381e6
-
SSDEEP
6144:ED2yZIhyrwOJwnqzL7LWw1u2HryovVvq60ZjgTI:ED1IEFRv7KSHVdwZ0E
Static task
static1
Behavioral task
behavioral1
Sample
64c8961580c51d91243226dac1d4b95a4bc9a47f580acadfaa291c3ae1b7e14a.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
64c8961580c51d91243226dac1d4b95a4bc9a47f580acadfaa291c3ae1b7e14a.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
installs
77.73.134.57:20368
-
auth_value
018d84fd84774560e4827f12acc7d4af
Targets
-
-
Target
64c8961580c51d91243226dac1d4b95a4bc9a47f580acadfaa291c3ae1b7e14a
-
Size
327KB
-
MD5
ffdcce59d85399b04eaf9eae45a4ef00
-
SHA1
6da8310b3fb1205e41b66010f30b72336759b5ab
-
SHA256
64c8961580c51d91243226dac1d4b95a4bc9a47f580acadfaa291c3ae1b7e14a
-
SHA512
2f6f76aa01bb072d66a59a6edec8543b7b0e9fab8a9e91273d103383f942c8111e4b9e65e16763810017de5c4a5b4b89aaf7cb0fb000081d3affed3929d3ff3b
-
SSDEEP
6144:hkU4szLY+MQHUhtorwOJwL82XYosWYf67k13bwZ4Vxq:V9zs+MQ0sFV2XxsWYy7
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-