General
-
Target
tmp
-
Size
95KB
-
Sample
240113-lxfalaggh7
-
MD5
3c78cef4203a47012167be0877274540
-
SHA1
8fba278e3fbcfcf5dffc871a92aa0a5a382edda8
-
SHA256
202ebcf24cd4b6a4394e7dddd7ee98bceb9ac2b8c281e9f4610c7a93dafaa959
-
SHA512
009391e72b23e5fd963a09dc1a91db37b9b0815cea80311333c8c7f52cb0c43095cc29b60d7db145b49006b7c2fdcdfda31e52c8f6ceeb7085c4dc615b3fae66
-
SSDEEP
1536:9qs+NqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2jteulgS6pY:rqMOY3+zi0ZbYe1g0ujyzdvY
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20231215-en
Malware Config
Extracted
redline
Exodus
91.92.255.187:1334
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.2
Exodus
91.92.255.187:4449
ypyertvpyqfr
-
delay
1
-
install
true
-
install_file
chromeupdate.exe
-
install_folder
%AppData%
Targets
-
-
Target
tmp
-
Size
95KB
-
MD5
3c78cef4203a47012167be0877274540
-
SHA1
8fba278e3fbcfcf5dffc871a92aa0a5a382edda8
-
SHA256
202ebcf24cd4b6a4394e7dddd7ee98bceb9ac2b8c281e9f4610c7a93dafaa959
-
SHA512
009391e72b23e5fd963a09dc1a91db37b9b0815cea80311333c8c7f52cb0c43095cc29b60d7db145b49006b7c2fdcdfda31e52c8f6ceeb7085c4dc615b3fae66
-
SSDEEP
1536:9qs+NqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2jteulgS6pY:rqMOY3+zi0ZbYe1g0ujyzdvY
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Async RAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-