General
-
Target
6a2fe740af2f9b1bcf6b4f05bc38c810.exe
-
Size
48KB
-
Sample
230210-y5kw9sbc85
-
MD5
6a2fe740af2f9b1bcf6b4f05bc38c810
-
SHA1
17f247fb43800115495b4463f10355660e5d5b45
-
SHA256
1dac278c05c70bc6df9e9eff71a38932549c61f51e1fed6239420a3c542c0476
-
SHA512
12c428724eece2c7ae9b85fb5b5b95b5151ee9e0a0f5e8b3ab9739d6a7394e9f2374c03b0744c44d14cf10bc75c80f0e9c4e39587065d2db7e69a0286aa3c6ea
-
SSDEEP
768:mUkPIL2C6y+DiNbik7U8Yb2g1WyCXvEgK/JSTJVc6KN:mU22UzbpAyCXnkJqJVclN
Behavioral task
behavioral1
Sample
6a2fe740af2f9b1bcf6b4f05bc38c810.exe
Resource
win7-20220901-en
Malware Config
Extracted
asyncrat
1.0.7
Default
135.181.204.51:8848
DcRatMutex_qwqdanchun
-
delay
1
-
install
true
-
install_file
Desktop Window Manager.exe
-
install_folder
%Temp%
Extracted
redline
cheat
135.181.204.51:20347
Targets
-
-
Target
6a2fe740af2f9b1bcf6b4f05bc38c810.exe
-
Size
48KB
-
MD5
6a2fe740af2f9b1bcf6b4f05bc38c810
-
SHA1
17f247fb43800115495b4463f10355660e5d5b45
-
SHA256
1dac278c05c70bc6df9e9eff71a38932549c61f51e1fed6239420a3c542c0476
-
SHA512
12c428724eece2c7ae9b85fb5b5b95b5151ee9e0a0f5e8b3ab9739d6a7394e9f2374c03b0744c44d14cf10bc75c80f0e9c4e39587065d2db7e69a0286aa3c6ea
-
SSDEEP
768:mUkPIL2C6y+DiNbik7U8Yb2g1WyCXvEgK/JSTJVc6KN:mU22UzbpAyCXnkJqJVclN
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-