redtiger | Trade_Up_Installer[.]exe | Triage

Sharing

General

Target

Trade_Up_Installer.exe
Size

267KB
MD5

79835ddd9be57c924f3cb1012d5faf11
SHA1

9f91d7aba0d505fa35b911196381c3f247b74d2c
SHA256

52cfa28cbfd8fd8ccc937f0c531c6efb68de5a059f73217954e79f11abc47367
SHA512

a5da15f5ec43368a9fd5e405c150dfe0c027f9de52016176fd3b7f70e345d4c08493d7bbcb7537ff5b32bf7ee16f2f3e35a6752d0f649a01d14e45bb0962d525
SSDEEP

1536:NIxTgCZKHl4TBDwMPmXqKQfUjlWbOVoTvD+sFIA:NqTgSKllWS+jD+uI

Score

10^/10

stealer redtiger

Malware Config

Signatures

Detects RedTiger Stealer 7 IoCs

resource	yara_rule
sample	redtigerv122
sample	redtigerv22
sample	redtiger_stealer_detection
sample	redtiger_stealer_detection_v2
sample	staticSred
sample	staticred
sample	redtiger_stealer_detection_v1

Redtiger family
redtiger

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Trade_Up_Installer.exe

Files

Trade_Up_Installer.exe
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ