General
-
Target
deepweb.exe
-
Size
95KB
-
Sample
231121-2s66hsha65
-
MD5
7a51a34ca5ccfe6eb43ef6abc0f92d46
-
SHA1
115643f90fb03144d2486f3a5f1b67d9cd8b42f1
-
SHA256
5675b6a982a8224078a4c5338480f37f536a29ade205f85a39d2cbe6cc28815d
-
SHA512
e4756b82c6d8e82885842439d87675d8227ac0375d4b363f411caef06e7f3179d4a406d58ee5167826f9f3b5b3efd31f727ec6e2efa62eb0b1a5d13e134d8f88
-
SSDEEP
1536:5qskbqDylbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2HtmulgS6p8l:X2wiYj+zi0ZbYe1g0ujyzd38
Behavioral task
behavioral1
Sample
deepweb.exe
Resource
win7-20231023-en
Malware Config
Extracted
redline
11/21/23
91.92.241.80:1337
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
11/15/24INJECT
561465416dfg14reg14t43684436t8453434
-
delay
5
-
install
true
-
install_file
svchost.exe
-
install_folder
%Temp%
Extracted
asyncrat
q5/FrDGAeLVkSXsaonU5rhB8ApDVsV3LVfxwRFqOBNVJjCmLe0ijZ8ch441TIv9e�YhaXJNUHbu8WUppfMiLX2rSEzMECSm0OuN4rgt8ugMlS32dIyps7WOjUa6Pjz2/
11/15/24INJECT
561465416dfg14reg14t43684436t8453434
-
delay
5
-
install
true
-
install_file
svchost.exe
-
install_folder
%Temp%
Targets
-
Target
deepweb.exe
-
Size
95KB
-
MD5
7a51a34ca5ccfe6eb43ef6abc0f92d46
-
SHA1
115643f90fb03144d2486f3a5f1b67d9cd8b42f1
-
SHA256
5675b6a982a8224078a4c5338480f37f536a29ade205f85a39d2cbe6cc28815d
-
SHA512
e4756b82c6d8e82885842439d87675d8227ac0375d4b363f411caef06e7f3179d4a406d58ee5167826f9f3b5b3efd31f727ec6e2efa62eb0b1a5d13e134d8f88
-
SSDEEP
1536:5qskbqDylbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2HtmulgS6p8l:X2wiYj+zi0ZbYe1g0ujyzd38
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Async RAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
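The indicators above (the RedLine C2 at 91.92.241.80:1337, the AsyncRAT install config that drops svchost.exe into %Temp%, and the file hashes) are enough to write a small hunt. The script below is an added example, not part of this sandbox report or of any vendor's tooling. It takes the C2 address, hashes and install_file name from the report; the event records are constructed for illustration and their column layout (type, image, parent, dest_ip, dest_port) is an assumption, loosely modelled on process-create and network-connect telemetry rather than any exact product format. The key check is the one a responder should know by heart: the genuine svchost.exe only runs from System32 or SysWOW64, so a process with that name under a user's Temp directory is the dropped payload.

```python
"""Hunt for this report's indicators over constructed process/network events.

Added example; the report itself ships no code.  Indicators are copied from
the report above, the event lines and their column layout are constructed.
"""
import csv
import hashlib
import io
import ntpath

# Indicators taken from the report.
C2_IP, C2_PORT = "91.92.241.80", 1337
REPORT_HASHES = {
    "md5": "7a51a34ca5ccfe6eb43ef6abc0f92d46",
    "sha1": "115643f90fb03144d2486f3a5f1b67d9cd8b42f1",
    "sha256": "5675b6a982a8224078a4c5338480f37f536a29ade205f85a39d2cbe6cc28815d",
}
INSTALL_FILE = "svchost.exe"   # asyncrat config: install_file

# The real service host only ever runs from these two directories.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed sample telemetry (assumed layout, not a vendor format).
SAMPLE_EVENTS = """\
type,image,parent,dest_ip,dest_port
proc,C:\\Windows\\System32\\svchost.exe,C:\\Windows\\System32\\services.exe,,
proc,C:\\Users\\bob\\AppData\\Local\\Temp\\svchost.exe,C:\\Users\\bob\\Downloads\\deepweb.exe,,
net,C:\\Users\\bob\\AppData\\Local\\Temp\\svchost.exe,,91.92.241.80,1337
net,C:\\Program Files\\Mozilla Firefox\\firefox.exe,,203.0.113.10,443
"""


def hash_bytes(data: bytes) -> dict:
    """Digest a blob with the algorithms the report lists (md5/sha1/sha256)."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Digest a file on disk so it can be compared with the report's hashes."""
    with open(path, "rb") as fh:
        return hash_bytes(fh.read())


def matches_report(digests: dict) -> bool:
    """True if any digest equals the report's value for the same algorithm."""
    return any(digests.get(algo) == value for algo, value in REPORT_HASHES.items())


def is_masquerading_svchost(image: str) -> bool:
    """svchost.exe anywhere outside System32/SysWOW64 is the dropped payload."""
    directory, name = ntpath.split(image)
    return name.lower() == INSTALL_FILE and directory.lower() not in LEGIT_SVCHOST_DIRS


def parse_events(text: str) -> list:
    """Parse the constructed CSV telemetry into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def find_alerts(events: list) -> list:
    """Return (rule, image) pairs for events that match the report's indicators."""
    alerts = []
    for ev in events:
        if ev["type"] == "proc" and is_masquerading_svchost(ev["image"]):
            alerts.append(("svchost_outside_system32", ev["image"]))
        if ev["type"] == "net" and ev["dest_ip"] == C2_IP and ev["dest_port"] == str(C2_PORT):
            alerts.append(("redline_c2_connection", ev["image"]))
    return alerts


if __name__ == "__main__":
    for rule, image in find_alerts(parse_events(SAMPLE_EVENTS)):
        print(f"{rule}: {image}")
```

On the sample telemetry the legitimate svchost.exe under System32 is ignored, while the copy under the user's Temp directory is flagged twice: once at process creation and again when it connects to the C2 from the RedLine config. hash_file is there for confirming a recovered dropper against the report; since the AsyncRAT install_file is a copy written at runtime, match it by path and behaviour, not by the hashes of deepweb.exe.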