General
Target: 715455aef5e60b76962c64b6a1f1507d07566abc220c624c03b47b90e3cb4921
Size: 539KB
Sample: 230131-j3evxafe98
MD5: 1137589aa44bf2facb839b4a4abcb941
SHA1: 7f86e36f26d36a2a9e4adac82a29668f8a4aab5c
SHA256: 715455aef5e60b76962c64b6a1f1507d07566abc220c624c03b47b90e3cb4921
SHA512: 60b9490cbddb1ea965a25ccb2996cde646605b1e05558426f7426cd980710638b690bfe18d5f589c67f881a6ac670b77a57a5dbfc89698cf01ad5711cbbf32ac
SSDEEP: 12288:IdXvDWopdu11GNJGUOXOoDscvVqILhtgNUJh9UhJwYL:Mv6oLM2GvXOoHdqIdgUJeTL
Behavioral task: behavioral1
Sample: 715455aef5e60b76962c64b6a1f1507d07566abc220c624c03b47b90e3cb4921.exe
Resource: win10-20220901-en
Malware Config
Extracted: redline
ff
51.103.208.104:53200
Extracted: asyncrat
0.5.7B
WHostProjess
95.70.151.185:8805
WHostProjess
delay: 3
install: false
install_file: WHostProjess
install_folder: %AppData%
Extracted: asyncrat
0.5.7B
SecurityHealthService
20.4.6.16:43521
SecurityHealthService
delay: 3
install: false
install_file: SecurityHealthService
install_folder: %AppData%
Extracted: asyncrat
0.5.7B
WindoosDGuard
20.4.6.16:43521
WindoosDGuard
delay: 3
install: false
install_file: WindoosDGuard
install_folder: %AppData%
Extracted: asyncrat
1.0.7
WindowsDefenderSmarttScreen
217.64.31.3:9742
WindowsDefenderSmarttScreen
delay: 1
install: false
install_file: WindowsDefenderSmarttScreen.exe
install_folder: %AppData%
Extracted: asyncrat
0.5.7B
DefenderSmartScren
217.64.31.3:8437
DefenderSmartScren
delay: 3
install: false
install_file: SecurityHealtheurvice.exe
install_folder: %AppData%
Targets
Target: 715455aef5e60b76962c64b6a1f1507d07566abc220c624c03b47b90e3cb4921
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext