General
Target: 4a5e4b6764dc780fd11055c6324a0875.exe
Size: 136KB
Sample: 230320-ccph4abc76
MD5: 4a5e4b6764dc780fd11055c6324a0875
SHA1: ac711ae5b692c63ade36482e5532db153f208abd
SHA256: b66dd893c2dc2c5e7f23595a9cda5b65d70adb2df285c17b03ed0eaacffcf1b8
SHA512: 5ecd8f23324255882e77cd1b87775a528e38af1a266e6dcf4888050eebae4ae827d1b17f4b74706a2099385d261b492ce39ba6bcc4872baf36b4d940d4db9e46
SSDEEP: 1536:JxqjQ+P04wsmJCmzi0Zb78ivombfexv0ujXyyed2k3tmulgS6p8li1qqsCbqDylI:sr85Cmzi0ZbYe1g0ujyzdO8iYEwiYjV
Behavioral task: behavioral1
Sample: 4a5e4b6764dc780fd11055c6324a0875.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 4a5e4b6764dc780fd11055c6324a0875.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: cheat
C2: 8.tcp.ngrok.io:10052
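The extracted C2 is an ngrok TCP tunnel. The hostname is shared by every tenant of that ngrok endpoint, so the host alone is a weak indicator; the host:port pair is what identifies this operator's tunnel, and the port can be reassigned when the tunnel is restarted. The Python below is an added example, not part of the sandbox output or the report, that turns the config into a hunt over constructed firewall log lines: an exact host:port match is reported as the RedLine C2, any other N.tcp[.region].ngrok.io endpoint is reported as tunnel traffic worth reviewing. The log format and the ngrok hostname pattern are assumptions.

```python
"""Hunt a firewall/proxy log for the RedLine C2 extracted in this report.

Added example, not part of the sandbox report. The log lines below are
constructed; the log format (ts src_ip dst_host dst_port action) and the
ngrok TCP-tunnel hostname pattern are assumptions.
"""
from __future__ import annotations

import re

# C2 as extracted from the sample's RedLine config.
C2_FROM_REPORT = "8.tcp.ngrok.io:10052"

# ngrok TCP tunnel endpoints look like N.tcp.ngrok.io or N.tcp.<region>.ngrok.io
# (assumed pattern). The hostname is shared by many tenants; the port is the
# part that distinguishes one tunnel from another.
NGROK_TCP_TUNNEL = re.compile(r"^\d+\.tcp(\.[a-z]{2})?\.ngrok\.io$")

# Constructed log sample: one exact C2 hit, one other tunnel, one benign
# ngrok.com visit, and one connection to the C2 host on a different port.
SAMPLE_LOG = """\
2023-03-20T09:40:51Z 10.0.0.12 update.microsoft.com 443 ALLOW
2023-03-20T09:41:02Z 10.0.0.12 8.tcp.ngrok.io 10052 ALLOW
2023-03-20T09:42:17Z 10.0.0.35 2.tcp.eu.ngrok.io 19321 ALLOW
2023-03-20T09:43:09Z 10.0.0.12 ngrok.com 443 ALLOW
2023-03-20T09:44:44Z 10.0.0.50 8.tcp.ngrok.io 443 BLOCK
"""


def parse_c2(c2: str) -> tuple[str, int]:
    """Split a host:port indicator into (lowercase host, port)."""
    host, _, port = c2.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"not a host:port indicator: {c2!r}")
    return host.lower(), int(port)


def classify(host: str, port: int, c2: str = C2_FROM_REPORT) -> str | None:
    """'c2' for an exact host:port match, 'ngrok_tunnel' for any other ngrok
    TCP endpoint (including the C2 host on a different port), else None."""
    c2_host, c2_port = parse_c2(c2)
    host = host.lower()
    if host == c2_host and port == c2_port:
        return "c2"
    if NGROK_TCP_TUNNEL.match(host):
        return "ngrok_tunnel"
    return None


def hunt(lines, c2: str = C2_FROM_REPORT) -> list[dict]:
    """Run classify() over log lines; lines that don't fit the format are skipped."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) != 5 or not fields[3].isdigit():
            continue
        ts, src, host, port, action = fields
        verdict = classify(host, int(port), c2)
        if verdict:
            hits.append({"line": lineno, "ts": ts, "src": src, "host": host.lower(),
                         "port": int(port), "action": action, "verdict": verdict})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG.splitlines()):
        print(f"{hit['verdict']:<12} line {hit['line']}: {hit['src']} -> "
              f"{hit['host']}:{hit['port']} ({hit['action']})")
```

Only the 10052 connection is treated as the C2; the 443 connection to the same hostname is flagged as a tunnel, not as this sample's C2, because another ngrok user could own that port.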
Targets
Target: 4a5e4b6764dc780fd11055c6324a0875.exe (same file as in General)
- Detect Neshta payload
- Neshta: a file infector. It writes its own code into other executable files so that each infected program spreads it further, and can damage the files it infects in the process.
- RedLine: RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings: reads the country code configured in the registry, most likely as a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association (consistent with Neshta, which hooks how .exe files are launched so that it runs on every program start)
- Legitimate hosting services abused for malware hosting/C2 (the extracted C2, 8.tcp.ngrok.io:10052, is an ngrok TCP tunnel)
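The "Modifies system executable filetype association" signature is the one to verify first on a suspected host, because it is what makes every later .exe launch re-run the infector. The Python below is an added example, not part of the sandbox output or the report: it compares the HKCR\exefile\shell\open\command value against the stock Windows value and extracts whatever program was inserted in front of the real executable. The sample registry values are constructed; the svchost.com form is the one publicly documented for Neshta, which this report does not itself record. The live registry read only works on Windows and is skipped elsewhere.

```python
"""Check whether the .exe filetype association has been hijacked.

Added example, not part of the sandbox report. The registry values below are
constructed; the live read only works on Windows and is skipped elsewhere.
"""
from __future__ import annotations

# Stock value of HKCR\exefile\shell\open\command on Windows: run the file
# itself, passing its arguments through.
DEFAULT_EXEFILE_COMMAND = '"%1" %*'

# Constructed sample values. The svchost.com form is the one publicly
# documented for Neshta (the report itself only records that the
# association was modified).
SAMPLES = {
    "clean": '"%1" %*',
    "clean_spacing": '  "%1"   %*  ',
    "neshta_style": 'C:\\Windows\\svchost.com "%1" %*',
    "quoted_launcher": '"C:\\Program Files\\Tool\\launcher.exe" "%1" %*',
    "no_passthrough": 'C:\\Temp\\x.exe',
}


def normalize(command: str) -> str:
    """Collapse whitespace so cosmetic differences neither mask nor fake a hijack."""
    return " ".join(command.split())


def exefile_association_status(command: str) -> str:
    """'default' if the value is the stock one, otherwise 'hijacked'."""
    return "default" if normalize(command) == DEFAULT_EXEFILE_COMMAND else "hijacked"


def hijack_launcher(command: str) -> str | None:
    """Return the program inserted in front of the real executable, or None
    when the association is untouched. A value without the "%1" %* tail
    replaces every .exe launch outright, so the whole value is returned."""
    cmd = normalize(command)
    if cmd == DEFAULT_EXEFILE_COMMAND:
        return None
    tail = " " + DEFAULT_EXEFILE_COMMAND
    launcher = cmd[: -len(tail)] if cmd.endswith(tail) else cmd
    return launcher.strip('"')


def read_live_exefile_command() -> str | None:
    """Read the live value on Windows; None on other platforms."""
    try:
        import winreg
    except ImportError:
        return None
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, r"exefile\shell\open\command") as key:
        value, _ = winreg.QueryValueEx(key, "")
    return value


if __name__ == "__main__":
    live = read_live_exefile_command()
    for name, value in ({"live": live} if live else SAMPLES).items():
        print(f"{name:<16} {exefile_association_status(value):<9} "
              f"launcher={hijack_launcher(value)!r}")
```

Anything other than the stock value is reported as a hijack; the extracted launcher path is the file to pull for analysis and compare against the hashes listed above.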