General
Target: 9c51eafc9db8f747cccf726178f3b1a239c73ecc70b224aedb5566f04cdb8689
Size: 534KB
Sample: 230119-hw4d9afc76
MD5: 35de48ace22edbbb236c3d717efc7f97
SHA1: a5da09f406ffcaf55bc3edfcfb3aedd84c850450
SHA256: 9c51eafc9db8f747cccf726178f3b1a239c73ecc70b224aedb5566f04cdb8689
SHA512: 75e0ba081355634d6996af9eae2bdfd161d9fe6cfee25967d09fa148c2122d924c2206d72b76a503dcba2e1cbc42f878610e5164817b6d9c95c683c7252f0c19
SSDEEP: 12288:8E1+CGi5U3xqGl2qvxuWKanVVcxxovK/wZ/o+1nF3QAPn/zFAps:d1+CJ5p5qAEVV4mvKqw+H3b/y
Behavioral task: behavioral1
Sample: 9c51eafc9db8f747cccf726178f3b1a239c73ecc70b224aedb5566f04cdb8689.exe
Resource: win10-20220812-en
Malware Config

Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: System Guard Runtime
C2: 85.105.88.221:2531
Mutex: System Guard Runtime
Attributes: delay 3; install false; install_file System Guard Runtime; install_folder %AppData%

Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: WHostProjess
C2: 95.70.151.185:8805
Mutex: WHostProjess
Attributes: delay 3; install false; install_file WHostProjess; install_folder %AppData%

Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: DefenderSmartScren
C2: 217.64.31.3:8437
Mutex: DefenderSmartScren
Attributes: delay 3; install false; install_file SecurityHealtheurvice.exe; install_folder %AppData%

Extracted
Family: asyncrat
Version: 1.0.7
Botnet: WindowsDefenderSmarttScreen
C2: 217.64.31.3:9742
Mutex: WindowsDefenderSmarttScreen
Attributes: delay 1; install false; install_file WindowsDefenderSmarttScreen.exe; install_folder %AppData%

Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: UWUISCOMIC
C2: 20.100.196.69:9281
Mutex: UWUISCOMIC
Attributes: delay 3; install false; install_file DerenderScuriry; install_folder %AppData%

Extracted
Family: redline
Botnet: Muckk
C2: 3.66.213.216:60782
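Turning the extracted configs into usable indicators. The block below is an added example and is not part of the sandbox report: it transcribes the six configs above into a list, normalises each C2 into a host/port pair, computes the path AsyncRAT would drop to if its install flag were on, and matches the C2 list against a handful of constructed firewall-style log lines. The log format, the 10.0.0.23 source host, and the expansion of %AppData% to C:\Users\<user>\AppData\Roaming are assumptions for illustration; the `<user>` placeholder stands for whatever account ran the sample.

```python
"""Indicator handling for the AsyncRAT / RedLine configs in the report above.

Added example, not part of the sandbox report. Only EXTRACTED_CONFIGS is taken
from the report; the log lines and path expansion are constructed.
"""
import re
from dataclasses import dataclass
from typing import Iterable

# Transcribed from the report's "Malware Config" section. "name" holds the
# botnet/mutex string shown beside each C2 (they are identical in every config here).
EXTRACTED_CONFIGS = [
    {"family": "asyncrat", "version": "0.5.7B", "name": "System Guard Runtime",
     "c2": "85.105.88.221:2531", "install": False,
     "install_file": "System Guard Runtime", "install_folder": "%AppData%"},
    {"family": "asyncrat", "version": "0.5.7B", "name": "WHostProjess",
     "c2": "95.70.151.185:8805", "install": False,
     "install_file": "WHostProjess", "install_folder": "%AppData%"},
    {"family": "asyncrat", "version": "0.5.7B", "name": "DefenderSmartScren",
     "c2": "217.64.31.3:8437", "install": False,
     "install_file": "SecurityHealtheurvice.exe", "install_folder": "%AppData%"},
    {"family": "asyncrat", "version": "1.0.7", "name": "WindowsDefenderSmarttScreen",
     "c2": "217.64.31.3:9742", "install": False,
     "install_file": "WindowsDefenderSmarttScreen.exe", "install_folder": "%AppData%"},
    {"family": "asyncrat", "version": "0.5.7B", "name": "UWUISCOMIC",
     "c2": "20.100.196.69:9281", "install": False,
     "install_file": "DerenderScuriry", "install_folder": "%AppData%"},
    {"family": "redline", "name": "Muckk", "c2": "3.66.213.216:60782"},
]


@dataclass(frozen=True)
class C2Endpoint:
    host: str
    port: int
    family: str


def parse_c2(spec: str, family: str) -> C2Endpoint:
    """Split 'host:port' strictly; a malformed C2 should fail loudly rather than be silently dropped."""
    host, sep, port = spec.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"malformed C2 spec: {spec!r}")
    return C2Endpoint(host, int(port), family)


def c2_endpoints(configs=EXTRACTED_CONFIGS) -> set[C2Endpoint]:
    """Deduplicated set of every C2 endpoint across all extracted configs."""
    return {parse_c2(c["c2"], c["family"]) for c in configs}


def hosts_by_family(configs=EXTRACTED_CONFIGS) -> dict[str, set[str]]:
    """C2 hosts grouped by malware family, for host-level blocklists."""
    out: dict[str, set[str]] = {}
    for ep in c2_endpoints(configs):
        out.setdefault(ep.family, set()).add(ep.host)
    return out


def expected_install_paths(configs=EXTRACTED_CONFIGS) -> list[str]:
    """Paths AsyncRAT would copy itself to if its install flag were enabled.

    %AppData% is the per-user Roaming folder on a default Windows install; the
    <user> segment is a placeholder (assumption). Configs without install_file
    (RedLine here) are skipped.
    """
    folder_map = {"%AppData%": r"C:\Users\<user>\AppData\Roaming"}
    paths = []
    for c in configs:
        if "install_file" in c:
            folder = folder_map.get(c["install_folder"], c["install_folder"])
            paths.append(f"{folder}\\{c['install_file']}")
    return paths


# Constructed firewall-style flow records (not from the report), one flow per line.
_FLOW_RE = re.compile(r"dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)")


def match_flows(log_lines: Iterable[str], endpoints: set[C2Endpoint]) -> list[tuple[str, C2Endpoint]]:
    """Return (line, endpoint) for each flow whose dst:dport is an extracted C2.

    Matching on host AND port keeps unrelated traffic to a shared IP out of the
    hit list; 217.64.31.3 above serves two different RAT ports, so port matters.
    """
    by_key = {(ep.host, ep.port): ep for ep in endpoints}
    hits = []
    for line in log_lines:
        m = _FLOW_RE.search(line)
        if m and (m["dst"], int(m["dport"])) in by_key:
            hits.append((line, by_key[(m["dst"], int(m["dport"]))]))
    return hits


SAMPLE_FLOWS = [  # constructed
    "2023-01-19T10:00:01Z src=10.0.0.23 dst=85.105.88.221 dport=2531 proto=tcp action=allow",
    "2023-01-19T10:00:02Z src=10.0.0.23 dst=217.64.31.3 dport=443 proto=tcp action=allow",
    "2023-01-19T10:00:03Z src=10.0.0.23 dst=217.64.31.3 dport=9742 proto=tcp action=allow",
    "2023-01-19T10:00:04Z src=10.0.0.23 dst=3.66.213.216 dport=60782 proto=tcp action=allow",
    "2023-01-19T10:00:05Z src=10.0.0.23 dst=8.8.8.8 dport=53 proto=udp action=allow",
]

if __name__ == "__main__":
    for line, ep in match_flows(SAMPLE_FLOWS, c2_endpoints()):
        print(f"{ep.family:8} {ep.host}:{ep.port}  <- {line}")
    for path in expected_install_paths():
        print("would install to:", path)
```

Two caveats when using this. First, every AsyncRAT config here has install set to false, so install_file and install_folder describe what the client would use if installation were enabled, not a path that is necessarily written; the "Adds Run key to start application" signature further down should therefore be attributed from the trace rather than assumed to come from AsyncRAT's installer. Second, the host+port match is deliberately strict; for a network blocklist, `hosts_by_family()` gives the host-only view, which is the safer choice when the operator may rotate ports.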
Targets
Target: 9c51eafc9db8f747cccf726178f3b1a239c73ecc70b224aedb5566f04cdb8689
Size: 534KB
MD5: 35de48ace22edbbb236c3d717efc7f97
SHA1: a5da09f406ffcaf55bc3edfcfb3aedd84c850450
SHA256: 9c51eafc9db8f747cccf726178f3b1a239c73ecc70b224aedb5566f04cdb8689
SHA512: 75e0ba081355634d6996af9eae2bdfd161d9fe6cfee25967d09fa148c2122d924c2206d72b76a503dcba2e1cbc42f878610e5164817b6d9c95c683c7252f0c19
SSDEEP: 12288:8E1+CGi5U3xqGl2qvxuWKanVVcxxovK/wZ/o+1nF3QAPn/zFAps:d1+CJ5p5qAEVV4mvKqw+H3b/y
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext