General
-
Target
3c9da20ad78d24df53b661b7129959e0
-
Size
412KB
-
Sample
240123-brnpnsfce8
-
MD5
3c9da20ad78d24df53b661b7129959e0
-
SHA1
e7956e819cc1d2abafb2228a10cf22b9391fb611
-
SHA256
2fd37ed834b6cd3747f1017ee09b3f97170245f59f9f2ed37c15b62580623319
-
SHA512
1a02da1652a2c00df33eceda0706adebb5a5f1c3c05e30a09857c94d2fbb93e570f768af5d6648d3a5d11eea3b5c4b1ceb9393fc05248f1eefd96e17f3bbe1b4
-
SSDEEP
12288:eDmrLy4dMMrASo/n7zUvOTdlzAarl6LmH6RPz5N:um9MMo7zUKdlzlJ62qPP
Static task
static1
Behavioral task
behavioral1
Sample
3c9da20ad78d24df53b661b7129959e0.exe
Resource
win7-20231215-en
Malware Config
Targets
-
-
Target
3c9da20ad78d24df53b661b7129959e0
-
Size
412KB
-
MD5
3c9da20ad78d24df53b661b7129959e0
-
SHA1
e7956e819cc1d2abafb2228a10cf22b9391fb611
-
SHA256
2fd37ed834b6cd3747f1017ee09b3f97170245f59f9f2ed37c15b62580623319
-
SHA512
1a02da1652a2c00df33eceda0706adebb5a5f1c3c05e30a09857c94d2fbb93e570f768af5d6648d3a5d11eea3b5c4b1ceb9393fc05248f1eefd96e17f3bbe1b4
-
SSDEEP
12288:eDmrLy4dMMrASo/n7zUvOTdlzAarl6LmH6RPz5N:um9MMo7zUKdlzlJ62qPP
-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-