General
- Target: redtyger.exe
- Size: 22.0MB
- Sample: 240419-c7t23aee69
- MD5: e284540045955dfe4489ce897d0fe719
- SHA1: 6cb7ab97abe51beb7f5e860dd4683eff67622a67
- SHA256: 119ac9d0a8f71f2b1341a0f9f3fad9c12ca9453435e489220aa679fa742dab8c
- SHA512: 1c4a5e8af08c15a0e2911ddfd40ccb780af6fed476713d0a3d939514ae7e8e48eae9c14918249027235e891a0005cf52fd04424208034f869c0a1fd796e58655
- SSDEEP: 393216:oEkQ5S5AWfqy4gP8AxYD/1+TtIiF5Y9Z8D8Ccl6lqFFCDnnbVfKkgutKj:oeaAWfd4bXr1QtIQa8DZcIlqTCDnwkTQ
Behavioral task
- behavioral1
- Sample: redtyger.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: redtyger.exe (22.0MB)
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.