General
- Target: AxoPac.rar
- Size: 20.6MB
- Sample: 240420-dkmj5sff4x
- MD5: e6f671197bc5eca6ee28e5ac29dc6615
- SHA1: 54bc05ce0f7ab9da102505022e551da5d8856a90
- SHA256: 274d9287308cb40c4facfe81679a80783a061efb7772b4a8c3b7eb05dc0e419b
- SHA512: 774492d112915607d92e30f6fa6fc62e0a40d5b6dacbbb0f8ec9b992f85e5f2bb25f5c7564fd494206d3d9e03984446c4e40715b9bdb7dd39357f67deaf303a9
- SSDEEP: 393216:/LVcOR/Pp72TAHwPMCEtu+o517JXRbIu9JpJKxDRsn2bZ/exuW9:RcOR/xyMQ4tu++5Rn9+9s2bw7
Static task: static1
Behavioral task: behavioral1
Sample: AxoPac.rar
Resource: win11-20240412-en
Malware Config
Targets
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext