General
- Target: e94abe514202de0a3e24c0f45ccea8a6.bin
- Size: 7.0MB
- Sample: 240208-eatfdacga9
- MD5: 2a0aeb791aab76497f60d9a8b9a98075
- SHA1: ad9d81c282e492a88d2f12887cca62faa32a3797
- SHA256: ee0e233335ea23dec38ffa3da3984859611606bf4ce1581701bd2c5bebe06f90
- SHA512: 7f384859f2cb77c5aaf7a3b47f2fe4f371159a3c3e7cd333debb3073776c6cc1eef123e16e0a26d9b5564adcbdda86a5e65dd5f553f7c07cb4922368696d6456
- SSDEEP: 196608:YaFYJca48X2aGYglFaF1qjsrKQ8A4Vcu5rynVv+P:PwBnsMF1m2Krev+
Static task
- static1
Behavioral task
- behavioral1
  - Sample: c11314504d04b9714c1c3992ca673486a5c8ac96b60fbc892b2f94204296b606.exe
  - Resource: win7-20231215-en
Behavioral task
- behavioral2
  - Sample: c11314504d04b9714c1c3992ca673486a5c8ac96b60fbc892b2f94204296b606.exe
  - Resource: win10v2004-20231215-en
Malware Config
Targets
- Target: c11314504d04b9714c1c3992ca673486a5c8ac96b60fbc892b2f94204296b606.exe
- Size: 12.1MB
- MD5: e94abe514202de0a3e24c0f45ccea8a6
- SHA1: 27770fa35ea2ca6e1cd87f669e21f5e29cfaa381
- SHA256: c11314504d04b9714c1c3992ca673486a5c8ac96b60fbc892b2f94204296b606
- SHA512: 1fe72a35e6e0da642c42848d5009538ab97d5e833466abd25f2aa03e96f8b637a2a9a30054c8ebdf4cdf80570e39f387c9b6a535105a3e9b36b846570114c0d3
- SSDEEP: 196608:bI14Cek0gfc3haxZH+fiE1jlKkbSPSvFWuFBGFV42uL7e:bKekhfcuZH+XKgHFW+BGFVE7e
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.