General
-
Target
BLACKSOFT.rar
-
Size
5.0MB
-
Sample
240426-2tknxadg65
-
MD5
7483e1999f29e9c7ece0dd99395c997c
-
SHA1
a2586dfece078d2c26b8193b270ba9c537dbe9c0
-
SHA256
327ceae282c6c3f4f34e62d97dc2e58486f872c5dc319a33a67e2826e64b4fa3
-
SHA512
b4fa03b3766601567604f24de1061241aac812d60a713eebcadc4450f02b28f47954aea8416e7cf6d54be0125ca58271b0d27be99900d641e9f567cd80a63c82
-
SSDEEP
98304:6tlOZm+HrK63UaQwzZKLWKBmwVTH3x+eKtiCmYnxOt/t6ntnEcuk:ylO8+LKUrxziWKBmwdXxEiYnxO1t6nt7
Static task
static1
Behavioral task
behavioral1
Sample
LaucnhBHF.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
LaucnhBHF.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral3
Sample
Launcher.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Launcher.dll
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Target
LaucnhBHF.exe
-
Size
800.0MB
-
MD5
fa1874358e96ad36cfd415a2cae786e8
-
SHA1
420f6ef50307324e6467cc1f729ad44d23c1c8cb
-
SHA256
042c6ef46e184e5eebc0ba198abb6c4e7ef7c6e2840d3ccf8c2608fac57a84a4
-
SHA512
a614ddbfe4e468fca681e628b960c397c7788f863745959b0c615eb8e1c32134ba683ef292701a0860e3c31cf4b8eb49a075e291a89ca7a2d7ba5db187bd6351
-
SSDEEP
24576:MNZQnEK4hZpx3mUDxBOIUin2RlZeXTQfEZwYbS9DE7:8cEK+px3hDxBOISBfEZvkO
Score 10/10
-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Target
Launcher.dll
-
Size
7.5MB
-
MD5
cbb81f28c5a509e4f7e3e44bc7da74f8
-
SHA1
47145f07bc7d0083d3bd13a9da44bac740952029
-
SHA256
413bf9c2cff6fe7b97eae199683df7f6d648fad4c25cb6d0b7dce335eb69edba
-
SHA512
bc863ebb2f5fd66f342be8befb49889dd275adb15cff95ed378e185190091589c8d1d7a8902ca889a7b2af81588c731bfa0a930f074fecadd9b47a082966079c
-
SSDEEP
98304:koD5geAsEDKN0xOLy2MsmCkQejop7PGXleggxF:kfD/mexOLy0GoNPGXledT
Score 1/10
-