General
-
Target
Servjjjer.exe.bin
-
Size
175KB
-
Sample
230501-yxzqfsac3v
-
MD5
5b3cfe226cbf4629f1bf59d9a8b644cb
-
SHA1
709f112da624e832c9e257ffe68f7ad2cc08bb6f
-
SHA256
6894c104c50fea8b20c9d459919854463fa2aad13165bb0650deb946fb3b7de7
-
SHA512
485962e678cc88aecbf1f9028d55885f6290bf6ff33555b231938a1ae323ec06311963988fbae15466dc39249e3fadfe7e108e0d24ef54bc3fd858572d1384e9
-
SSDEEP
3072:Qe8oX8Sb5KcXrtkkXmf/bDsvqtU+lLToChAP0UZ0b2gTLcwAqE+Wpor:pXtb5KcXr7XmfgqtjhAxZ0b2ko
Behavioral task
behavioral1
Sample
Servjjjer.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Servjjjer.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot5890094946:AAEYglD59tTB66C18AiuzpbBGVoAYux1-gc/sendMessage?chat_id=5969887379
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
Servjjjer.exe.bin
-
Size
175KB
-
MD5
5b3cfe226cbf4629f1bf59d9a8b644cb
-
SHA1
709f112da624e832c9e257ffe68f7ad2cc08bb6f
-
SHA256
6894c104c50fea8b20c9d459919854463fa2aad13165bb0650deb946fb3b7de7
-
SHA512
485962e678cc88aecbf1f9028d55885f6290bf6ff33555b231938a1ae323ec06311963988fbae15466dc39249e3fadfe7e108e0d24ef54bc3fd858572d1384e9
-
SSDEEP
3072:Qe8oX8Sb5KcXrtkkXmf/bDsvqtU+lLToChAP0UZ0b2gTLcwAqE+Wpor:pXtb5KcXr7XmfgqtjhAxZ0b2ko
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
StormKitty payload
-
Async RAT payload
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-