General
- Target: 37ae53ead74452038b0c77abd3302258.bin
- Size: 2KB
- Sample: 230821-bldmhsbg8w
- MD5: 6f41601cdce01ed99fef6e2c143c03c3
- SHA1: 3e8f5def9974f67c74cd902462c1c8007f90da7b
- SHA256: 30366af83c8706dbc4a540357aa10c20a75f35efb2a6f6b72362526da550b453
- SHA512: 29f3de9ce0e976669c2b800b396146264c85b87c7247e3f27d2d6b2c09b30c743f066ec6c18df464de2174f165cf09847846080bc1aecea54fddd249755e44ce
Static task: static1

Behavioral task: behavioral1
- Sample: ec8c114e9c0bd6154bd58396c72fabe79e2ffe70dea761cabc98b35186723360.exe
- Resource: win7-20230712-en

Behavioral task: behavioral2
- Sample: ec8c114e9c0bd6154bd58396c72fabe79e2ffe70dea761cabc98b35186723360.exe
- Resource: win10v2004-20230703-en
Malware Config

Extracted: smokeloader
- sel8

Extracted: smokeloader
- 2022
- https://anydesk-my.com/faq/
- http://anydesk-my.com/faq/

Extracted: redline
- 94.142.138.147:23000
- auth_value: ccff08893879012905ea16489b7e8ced

Extracted: asyncrat
- Default
- 127.0.0.1:6606
- 127.0.0.1:7707
- 127.0.0.1:8808
- AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%

Extracted: lokibot
- http://2.59.254.19/fresh2/five/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: ec8c114e9c0bd6154bd58396c72fabe79e2ffe70dea761cabc98b35186723360.exe
- Size: 5KB
- MD5: 37ae53ead74452038b0c77abd3302258
- SHA1: a94fcde275f0cc5a6257591681eff73949006d62
- SHA256: ec8c114e9c0bd6154bd58396c72fabe79e2ffe70dea761cabc98b35186723360
- SHA512: 5f43ab309aeda971eaad5beafc62d3a7170ba2c9e859f116d4e1242d0f42a22b0b69695d7e23b761b70d0cf2b122d775b7e3347de11a2ab7173f14cb8bdf053f
- SSDEEP: 96:1EKnowbuz1quz1Sluz1nj3x/64PVDUtLvNv8ScpF/kVzNt:1HnoY0q0Sl0npVV2Lvh8JKv

- Detect Fabookie payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- StormKitty payload
- Async RAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution