General
-
Target
34da1a0340fd4b9409ef1853b12f3219a6dae215
-
Size
914KB
-
Sample
241109-b9f3jstnaw
-
MD5
6440f1d781cb8634fc75319df46feff7
-
SHA1
34da1a0340fd4b9409ef1853b12f3219a6dae215
-
SHA256
d91af630cbb6a8c648dfbd18e181fc6b8243e7c8e9bd4fb40045e4711a797b6a
-
SHA512
7c60fe08be6baa56a3df2bdbda18b70a2c3e85c2cb9967907e10478a3896d2b90e952a8a45f54833a03974254a8517680a88fad4b31336fe8b08e75ebc2bca73
-
SSDEEP
24576:2GHAp/tN9oeMVsYwZIgs46AEZ7CWG7RPHkHb4CO:2GHE/HPMtwZy46gh7RPHMDO
Static task
static1
Behavioral task
behavioral1
Sample
injcetor.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
injcetor.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
njrat
v2.0
HacKed
be09dd19.ddns.net:1337
Windows
-
reg_key
Windows
-
splitter
|-F-|
Extracted
redline
@heatwins
101.99.93.104:80
-
auth_value
17c423c2282427bab2bc1b1703c250bf
Targets
-
-
Target
injcetor.bin
-
Size
3.4MB
-
MD5
fd1f9974340c428b15e8bf838122326d
-
SHA1
c07709c671960f880c568516572b594ad5946029
-
SHA256
b2421dc681198079bfa3cae05c63750b3847211ab307051604c5e7e0ca2033a1
-
SHA512
647d9cc2d63dae6a4bfcb055b3d82bfae887fe08dfc04de6312f4a9953c64bbb2a16e225e79ee0ce1777676ab9465942e3a165a9d0feb921173858a3b4a10953
-
SSDEEP
24576:VQqt82oJ5L4RGVFoQ0C/Q12H0RmAdmR8dG2FAYOcy7qWDLUTk+vJ3UcDS0ScE1k9:BxyqCLQFzB5
-
Njrat family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
1