General
-
Target
4ee60c6722bcce37fdd901bfbff058fb.exe
-
Size
2.5MB
-
Sample
240205-rzq3rscban
-
MD5
4ee60c6722bcce37fdd901bfbff058fb
-
SHA1
b7579547eb1eb9d9520e4f367c42e1204dc9ad1a
-
SHA256
3a134837e2603fb96e6096f6d804472de18bc8b78bc7264d766a02c363ebe8f0
-
SHA512
d1c65eb635e0e45eb11180adc30291ba4b4126e0f1b7efb801974832d378b325a5989a5cb36f0b6653cd88f92ed11b17195dacf66eac4c89634f86e1b21e798f
-
SSDEEP
49152:jPfhe3bxwpBz5ZtYYnY50pu4hzRcjb2hjzCgWeIjWDu9aq3vKvq:ThZrLnYuu4hyjidzvWeof9awvGq
Static task
static1
Behavioral task
behavioral1
Sample
4ee60c6722bcce37fdd901bfbff058fb.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4ee60c6722bcce37fdd901bfbff058fb.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
amadey
4.17
http://185.215.113.32
-
install_dir
00c07260dc
-
install_file
explorgu.exe
-
strings_key
461809bd97c251ba0c0c8450c7055f1d
-
url_paths
/yandex/index.php
Extracted
risepro
65.109.90.47:50500
193.233.132.62:50500
Extracted
redline
LiveTrafic
20.79.30.95:33223
Targets
-
-
Target
4ee60c6722bcce37fdd901bfbff058fb.exe
-
Size
2.5MB
-
MD5
4ee60c6722bcce37fdd901bfbff058fb
-
SHA1
b7579547eb1eb9d9520e4f367c42e1204dc9ad1a
-
SHA256
3a134837e2603fb96e6096f6d804472de18bc8b78bc7264d766a02c363ebe8f0
-
SHA512
d1c65eb635e0e45eb11180adc30291ba4b4126e0f1b7efb801974832d378b325a5989a5cb36f0b6653cd88f92ed11b17195dacf66eac4c89634f86e1b21e798f
-
SSDEEP
49152:jPfhe3bxwpBz5ZtYYnY50pu4hzRcjb2hjzCgWeIjWDu9aq3vKvq:ThZrLnYuu4hyjidzvWeof9awvGq
-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
XMRig Miner payload
-
Creates new service(s)
-
Downloads MZ/PE file
-
Stops running service(s)
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Executes dropped EXE
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-