General

Target: Рекламный материал Компании HYPERPC.zip
Size: 6.0MB
Sample: 230119-m22vtscf8w
MD5: f706d16467388fdb00f171153a89c6f9
SHA1: e4af1a628cfbe9524e1d40498d9ee25bbaa2b1ef
SHA256: c960de5473e43c6b809237b17c6e13fad2fb45000d54d76374c58f53d843201c
SHA512: c0a146ae5a5a3d780b7c86e056f2e90e35efb86a40529e0dfe7d5442e27f2122f4fd15c4271f27bdfe4aecd6cf41094c2727173f134dac76207b71af5a46c719
SSDEEP: 98304:atcJ4atrTBIYmOj9tClviBV7IkmNqHNYrOaL6e6szsJDUffMxPUyCp6XRz:S446PBJ19tQqT7IkmNqOOaJeKkPUyCpU
Static task: static1

Behavioral task: behavioral1
Sample: Рекламная презентация компании HYPERPC 09.exe
Resource: win10-20220812-en

Behavioral task: behavioral2
Sample: Рекламная презентация компании HYPERPC 1,09 .scr
Resource: win10-20220812-en
Malware Config

Extracted: redline
Botnet: 22
C2: 79.137.207.219:12330
auth_value: 046141cdf8f5a195f9586269e3d314af
Targets

Target: Рекламная презентация компании HYPERPC 09.exe
Size: 268KB
MD5: 926ac40c006e128c7af5add381c27988
SHA1: 67313c1d660c18ae026f9ba090728bd5966874ae
SHA256: ec4200110ffb0a4c4cfd68900da46a5fbfb5971f9109954235cfec7e699f15f7
SHA512: 4f79403494687fa3df44c3d18d82e1008aeab963b4fb81cd5b629afce90051ea91f1e38c8ddce994ba04663e55d17c37ae3a828b851efde5397d63d4cff93300
SSDEEP: 6144:K6FhdUkNVQss50jrZnt9NG3QX30klHI1IPP:pj1tbGAHfFI1q
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- Blocklisted process makes network request
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
Target: Рекламная презентация компании HYPERPC 1,09 .scr
Size: 268KB
MD5: 926ac40c006e128c7af5add381c27988
SHA1: 67313c1d660c18ae026f9ba090728bd5966874ae
SHA256: ec4200110ffb0a4c4cfd68900da46a5fbfb5971f9109954235cfec7e699f15f7
SHA512: 4f79403494687fa3df44c3d18d82e1008aeab963b4fb81cd5b629afce90051ea91f1e38c8ddce994ba04663e55d17c37ae3a828b851efde5397d63d4cff93300
SSDEEP: 6144:K6FhdUkNVQss50jrZnt9NG3QX30klHI1IPP:pj1tbGAHfFI1q
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- Blocklisted process makes network request
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext