General
-
Target
panel.exe.bin
-
Size
170KB
-
Sample
230505-zpz7paec32
-
MD5
470a8267b5eba7eb998d9fa69532f849
-
SHA1
1152ddb2ab93aae9983e3e8b5c4f367875323e3e
-
SHA256
6cdb8d1af85d10ed3022ae0a183e3e9dff0ad1bc4a90915e7e41b600154a349e
-
SHA512
5f151230dc97e0804cbe7b36ce9a4570023bdaf0283ae2681732a835c26e540ec93f9c56cd78599c8deeeaed10b2b50f9c976c85ad95d4e36460e05083f7048d
-
SSDEEP
3072:O+STW8djpN6izj8mZwHQiWZqswqIPu/i9b+J2cOZTMi56+WpL:z8XN6W8mmdUwXPSi9b2c3
Behavioral task
behavioral1
Sample
panel.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
panel.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot6093966625:AAHk4dddHb8B1faCcFqL3um1gmB-f2mWhyc/sendMessage?chat_id=5529838804
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
panel.exe.bin
-
Size
170KB
-
MD5
470a8267b5eba7eb998d9fa69532f849
-
SHA1
1152ddb2ab93aae9983e3e8b5c4f367875323e3e
-
SHA256
6cdb8d1af85d10ed3022ae0a183e3e9dff0ad1bc4a90915e7e41b600154a349e
-
SHA512
5f151230dc97e0804cbe7b36ce9a4570023bdaf0283ae2681732a835c26e540ec93f9c56cd78599c8deeeaed10b2b50f9c976c85ad95d4e36460e05083f7048d
-
SSDEEP
3072:O+STW8djpN6izj8mZwHQiWZqswqIPu/i9b+J2cOZTMi56+WpL:z8XN6W8mmdUwXPSi9b2c3
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
StormKitty payload
-
Async RAT payload
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-