General
- Target: f05e4420dfc79226b34b0f7e3d1a65f1.exe
- Size: 3.1MB
- Sample: 240109-xmyjzahgf9
- MD5: f05e4420dfc79226b34b0f7e3d1a65f1
- SHA1: 95c5fc288a628e2fba01879b0dbe0dbbd79ae74f
- SHA256: bd887a31360a06cf6094b3b889bf7ec9d835c9642bff6a0ed98bb248f225bf24
- SHA512: d427c45f260e9bd38fa5a843c4eeff5482c102ace9b3f083ce015e9ce303dd9c481b70a715764c3cec16c6dc0246ad66f251197945f52a13e4e5eab77542ce38
- SSDEEP: 98304:qw3BM5HPz7UtPTkJY58taa7RTBQl50HeaCdRd9zojPGuH:qw3EHPzOTkJYla7RTBQl509CdRd9zojH

Static task: static1

Behavioral task: behavioral1
- Sample: f05e4420dfc79226b34b0f7e3d1a65f1.exe
- Resource: win7-20231215-en
Malware Config
- Extracted: redline
  - UPD
  - 185.215.113.45:41009
- Extracted: gcleaner
  - g-prtnrs.top
  - g-prtrs.top
- Extracted: asyncrat
  - 0.5.7B
  - Default
  - whiteshadows.ddns.net:9731
  - AsyncMutex_6SI8OkPnk
  - delay: 3
  - install: true
  - install_file: microsoft 2.exe
  - install_folder: %AppData%
- Extracted: redline
  - Liez
  - liezaphare.xyz:80
Targets
- Target: f05e4420dfc79226b34b0f7e3d1a65f1.exe
- Size: 3.1MB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Async RAT payload
- OnlyLogger payload
- Legitimate hosting services abused for malware hosting/C2
- Looks up geolocation information via web service: Uses a legitimate geolocation service to find the infected system's geolocation info.