General
Target: SolTrader.exe
Size: 495KB
Sample: 241212-d96djszjgs
MD5: ccc2a9c285c4371370a9e42d1eda4d11
SHA1: 5386f6856a56a1f78946a5ecae6328af6cfcafcf
SHA256: 448d837c45246409e24fd6e82198fdbced6d6759f82690336074e4f64ba45c11
SHA512: 7e8da5989f65988825db7380c1428dcc7a3afdac69153e45e8842321427d1a8b26b7422008120984e71891fc8f41287acb5a30057e98041cdb8a2ea0674ac34b
SSDEEP: 12288:VVPsXKsDhWGoxDt0LCgArZ4vHEGpQTMz72Kg2lgV:X0RWGoxDt0L8rqvHEclgV
Static task: static1
Behavioral task: behavioral1
  Sample: SolTrader.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: SolTrader.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
  fvcxcx
  185.81.68.147:1912
Extracted: asyncrat
  0.5.8
  Default
  82.64.156.123:80
  9mzImB3NUR0Q
  delay: 3
  install: false
  install_folder: %AppData%
Targets
Target: SolTrader.exe
Size: 495KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Asyncrat family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Async RAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (2)
    Credentials In Files (2)