4d8daf45a5fcf7480739974e1d9ecac7370462f66196dd14b9a38020120dc202

General

Target

Redact-Setup-0.17.4.exe
Size

71.1MB
Sample

240602-3bvxlaag6v
MD5

34dc26c43d1c95019b5a390eb5e5fcc2
SHA1

c74edda8d14c6683eeb482344f009b1ac0f97491
SHA256

4d8daf45a5fcf7480739974e1d9ecac7370462f66196dd14b9a38020120dc202
SHA512

3fdb707661075555112672ed0157ba45bb65581d58b5f6c045a32cdd830acb24bdbcdb62dd48ab743d221f13e4d0d0824f0bb2edff5da1ce5f923ab43e3babcc
SSDEEP

1572864:WXeyzeKgzQOKuPjz++x1vWx4gYaVsxYTCs68KGz6kz:WXF8zQOKundve4gayjpz

Score

7^/10

Malware Config

Targets

- Target
  
  Redact-Setup-0.17.4.exe
- Size
  
  71.1MB
- MD5
  
  34dc26c43d1c95019b5a390eb5e5fcc2
- SHA1
  
  c74edda8d14c6683eeb482344f009b1ac0f97491
- SHA256
  
  4d8daf45a5fcf7480739974e1d9ecac7370462f66196dd14b9a38020120dc202
- SHA512
  
  3fdb707661075555112672ed0157ba45bb65581d58b5f6c045a32cdd830acb24bdbcdb62dd48ab743d221f13e4d0d0824f0bb2edff5da1ce5f923ab43e3babcc
- SSDEEP
  
  1572864:WXeyzeKgzQOKuPjz++x1vWx4gYaVsxYTCs68KGz6kz:WXF8zQOKundve4gayjpz
Score

7^/10

discovery execution spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Run Powershell to get system information.
  execution
behavioral1 behavioral2
- Target
  
  Redact.exe
- Size
  
  155.7MB
- MD5
  
  ea71b84ef622908a82dbf260fc798c57
- SHA1
  
  cd2c4c8e7923e45d88609dff7cfa0088556ff711
- SHA256
  
  af2eb7d7f6d8adb4c501aed5a6d89fbe6a5bef2460194f71143f139f637ae10e
- SHA512
  
  ce487b6f046d11362160d67368c198ad7ca187618f20dc4894bd62dc7905929482a19355fb090de66dfa2f0c9da64785ecf0ffb6de3b15ffc40ef6b6533846cb
- SSDEEP
  
  1572864:sAbYR2tKLDlPCDlrbnGDDX9lWOp+gEj09Yl4g7H01vejHK5HVRvq1/H/XorJLfQz:XmDLL3UPK3kd
Score

6^/10
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  resources/elevate.exe
- Size
  
  127KB
- MD5
  
  0c5eddcbcda71a2f93b8fc5efe0c4378
- SHA1
  
  812c4885e5eed8b21c7ff7441e59c19a014a6b08
- SHA256
  
  1584d5c283fa80ace65cf1716008b385ae703260b169f0d1ed7df06347cc2a5f
- SHA512
  
  9c0264d663993dc9c9244531b48612b90774aced30709a6a8749acf1fd0e769870adcee3c32c0ac8d720bfabd4c33cc3a787b12f900b11e60dc7de7ce1ebb4f5
- SSDEEP
  
  3072:z9bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWlipQpy:BPrwRhte1XsE1lipQpy
Score

1^/10
behavioral5 behavioral6