General
Target: 09b6791aa44d4ea5ef9fde46e065d4088148d90748a2c5e65305b116e09ba08f
Size: 36KB
Sample: 230801-qrav5shb5y
MD5: 01e4bf54de7fad5f68a17229f28c250b
SHA1: 7d1c36f3cd36437990e9df1469581ae76f453916
SHA256: 09b6791aa44d4ea5ef9fde46e065d4088148d90748a2c5e65305b116e09ba08f
SHA512: 75bc6e1047eedac61032139ede130add47ec2423da94f52c796821c62678889cb9968173af0a39291d916eed4cc2d041352554859a7c6c191e82914ed460ff3a
SSDEEP: 384:6xwJkR2ripNxsDd/NTffvUWyXjMkWSkQIw8kwMaXqwQmyU/51KreZEpk76O9:mDOdFr7yXoBQZAQveO1iGQ
Static task: static1
Behavioral task: behavioral1
  Sample: 09b6791aa44d4ea5ef9fde46e065d4088148d90748a2c5e65305b116e09ba08f.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 09b6791aa44d4ea5ef9fde46e065d4088148d90748a2c5e65305b116e09ba08f.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: redline
  ch
  79.134.225.80:11747
Extracted: quasar
  1.3.0.0
  16th JULY
  198.98.54.161:6666
  QSR_MUTEX_Pl8uFsFQG2ggU9gBx9
  encryption_key: 3XivPs8YQVpfxU1EhGZE
  install_name: Client.exe
  log_directory: Logs
  reconnect_delay: 3000
  startup_key: notes
  subdirectory: SubDir
Targets
- Quasar payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext