General
Target: C0met.zip
Size: 15.7MB
Sample: 230706-hr9qgahc95
MD5: dd3aa205a2c12cb081943e9bb6acc047
SHA1: a61dacfe81fb6445744220137e0ed8113bf40fef
SHA256: 0f49d4879b83235428a204edb905ca7e822ce4374c90c8321951a85193e0837b
SHA512: e843484b232803af924f8acd07e6310d80d296eceb2236f6a9a692dd225ffbb7c2d0f0dcfa7975f399e69da50a3c79dd087abe2e63d94d276db520efa42f2efc
SSDEEP: 393216:Ajotz987bHCisCq9dP++jCEpUZpuQ2GHQZfl1ZSxj8sL2yEAidp:AknMq9dPJOEpgtHGDsd7yyEj

Static task: static1
Behavioral task: behavioral1
Sample: Comet Executor/Comet.exe
Resource: win10-20230703-en

Malware Config
Extracted: redline
@dxrkl0rd
91.103.252.8:29975
auth_value: 9750c50e8073b21d538cfb6d993427dc

Targets
Target: Comet Executor/Comet.exe
Size: 350.0MB
MD5: b7fe913c365f483fc79be7d81c7445c2
SHA1: 23cfb242c4610f3de72521f78c8af219dac57451
SHA256: 72d28771d21b24cadbd362ca08e16653d13080c3551e6b1dec4f32132d7a1bee
SHA512: ff7cea53e441fd56f1b36672b5338c725477b5960fb279d141f7f4c04f5750ad88c645d94b942c4f9cf007f52850b708205ec1c732aeea05a9cf1a4e070a5fb1
SSDEEP: 24576:rcfBkcC1amUUoLK4N8vnxQtQHEZe0EVzkLzgjcV4CKo0/fOA2tdvU/:rcfKcF9dN86/bE2AcV4Cf0OtxU

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext