General
Target: 39d5192f3a11bbf4bd0025150d06b750
Size: 3.5MB
Sample: 231225-yq2w8seger
MD5: 39d5192f3a11bbf4bd0025150d06b750
SHA1: 28dfd904541a136583ff842289ffec1d3a6b97d4
SHA256: c0f1f0d029dff817fd2b640b2aef85bf0b387f404d213ce09335eaf0a3614411
SHA512: c750fe8c7b001cc6e909dbbb7d008d465245cfd669bac8b403d241f395e553fd09cdf599540d118be5512f706871db3b62ab4d66bfcbd3419f5c8e8fb9ada8ff
SSDEEP: 49152:+k5m9LGDHTnKRy8wPPjiOBV1cBqlfJxTdfNdLqzpgfSQveMfapFa:mm8y8wP7iOVcBGDjdLqzkvdKs
Static task: static1
Behavioral task: behavioral1
  Sample: 39d5192f3a11bbf4bd0025150d06b750.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 39d5192f3a11bbf4bd0025150d06b750.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: socelars
  http://www.iyiqian.com/
  http://www.xxhufdc.top/
  http://www.uefhkice.xyz/
  http://www.wygexde.xyz/
Extracted: redline (Liez)
  liezaphare.xyz:80
Extracted: redline (UPD)
  185.215.113.45:41009
Extracted: gcleaner
  gc-prtnrs.top
  gcc-prtnrs.top
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Socelars payload
- OnlyLogger payload
- XMRig Miner payload
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up geolocation information via web service: uses a legitimate geolocation service to find the infected system's geolocation info.
- Drops file in System32 directory
- Suspicious use of SetThreadContext