General
- Target: Executor Installer.exe
- Size: 300.0MB
- Sample: 240426-al4chagd41
- MD5: ce52d76fa19eef8e2ba89a9eee3911cc
- SHA1: 2d44c9a520a92e508e69622b481dd0363da80b80
- SHA256: e49f4be0e09d6360d6fe877dc7245a5ca0f9c91cbb73688dc62038ed096d5b09
- SHA512: fd6323b7d6006ddd4f728097481873353ecd50d262be514a316e0c16c6bb2f91be7963f4931c96f7383ae811944696e8b365f8176ff21638725f6ef42e815550
- SSDEEP: 24576:fNO2MOoMWSUDUfJBl3PzKcP5rBZBdXqfXJ4bXYEdNZOPtDngAh6b4xjGFoOUBfxa:l7GkxBl/zRHBNqsBdratDVfhGFoOUBfs
Static task: static1
Behavioral task: behavioral1
- Sample: Executor Installer.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: Executor Installer.exe (size and hashes identical to those listed under General above)
- Detect ZGRat V1
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.