General
- Target: tmp
- Size: 421KB
- Sample: 230302-2vj4rseg5w
- MD5: 42ff1c611e429a621a4b52be1d497380
- SHA1: 48082f398f1e5833e4c5a877eae26ed0cb2639df
- SHA256: 239f77c06654cd3c053d0abdf088fdb484ab502efb368776f45f9ed6ce7b1ec0
- SHA512: 68d2ad7bf6b67ad7708b74ec77e69fd10e6d047bb59a27e44bedd1a3cc030720690eeaa07c901fe0d778d6a1776ac857aa2ccffda882544b2f173e181f2370b4
- SSDEEP: 6144:g4u+5Sbfj+2KWMhoxptjwacFt8hjqe4wKc9TMDhwiJZKYXl7jt:e+AdKoxpea4tcjqeHADmiJYYXl7jt
Static task: static1
Behavioral task: behavioral1
- Sample: tmp.exe
- Resource: win7-20230220-en
Malware Config
Extracted: redline
- cheat
- 154.91.0.57:28105
Extracted: netwire
- thesirenmika.com:55713
- activex_autorun: false
- copy_executable: false
- delete_original: false
- host_id: HostId-%Rand%
- lock_executable: false
- offline_keylogger: false
- password: ziggy123
- registry_autorun: false
- use_mutex: false
Targets
- Target: tmp
- NetWire RAT payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Suspicious use of SetThreadContext