General

  • Target

    SolTrader.exe

  • Size

    495KB

  • Sample

    241212-d96djszjgs

  • MD5

    ccc2a9c285c4371370a9e42d1eda4d11

  • SHA1

    5386f6856a56a1f78946a5ecae6328af6cfcafcf

  • SHA256

    448d837c45246409e24fd6e82198fdbced6d6759f82690336074e4f64ba45c11

  • SHA512

    7e8da5989f65988825db7380c1428dcc7a3afdac69153e45e8842321427d1a8b26b7422008120984e71891fc8f41287acb5a30057e98041cdb8a2ea0674ac34b

  • SSDEEP

    12288:VVPsXKsDhWGoxDt0LCgArZ4vHEGpQTMz72Kg2lgV:X0RWGoxDt0L8rqvHEclgV

Malware Config

Extracted

Family

redline

Botnet

fvcxcx

C2

185.81.68.147:1912

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

82.64.156.123:80

Mutex

9mzImB3NUR0Q

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      SolTrader.exe

    • Size

      495KB


    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Async RAT payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks