redtiger | 46104946f183ed5a7653d3f54e16e6cabfefde25c782b52a99811c416b515e95

Analysis

max time kernel
93s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2025 21:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ares-Installer-0.1.jar
Size

167KB
MD5

80564e55f59f50060710370dacc172cb
SHA1

eb96fa070147b44cd91aefa042b2c2f90d24d209
SHA256

46104946f183ed5a7653d3f54e16e6cabfefde25c782b52a99811c416b515e95
SHA512

00dc40012a9cce1a163858fb08fec5e7fd7adc9ff11be217ae01d30bc0cca3c7daa0957b31691f01221c0662034140dcdd98af64d0e9b2173766919449a5cf30
SSDEEP

3072:ooqpJcEyHPpKJuS39ELtojC2BM16orwRIXs0YIYoR+wy/Q0mF+d:otZ8pK398tbh1CIXs05RLy/h2u

Score

10^/10

redtiger stealer

Malware Config

Signatures

Detects RedTiger Stealer 64 IoCs

stealer

resource	yara_rule
behavioral2/memory/4780-22-0x0000021F13F40000-0x0000021F13F50000-memory.dmp	redtigerv122
behavioral2/memory/4780-22-0x0000021F13F40000-0x0000021F13F50000-memory.dmp	redtigerv22
behavioral2/memory/4780-22-0x0000021F13F40000-0x0000021F13F50000-memory.dmp	redtiger_stealer_detection
behavioral2/memory/4780-22-0x0000021F13F40000-0x0000021F13F50000-memory.dmp	redtiger_stealer_detection_v2
behavioral2/memory/4780-22-0x0000021F13F40000-0x0000021F13F50000-memory.dmp	staticSred
behavioral2/memory/4780-22-0x0000021F13F40000-0x0000021F13F50000-memory.dmp	staticred
behavioral2/memory/4780-22-0x0000021F13F40000-0x0000021F13F50000-memory.dmp	redtiger_stealer_detection_v1
behavioral2/memory/4780-32-0x0000021F13F90000-0x0000021F13FA0000-memory.dmp	redtigerv122
behavioral2/memory/4780-32-0x0000021F13F90000-0x0000021F13FA0000-memory.dmp	redtigerv22
behavioral2/memory/4780-32-0x0000021F13F90000-0x0000021F13FA0000-memory.dmp	redtiger_stealer_detection
behavioral2/memory/4780-32-0x0000021F13F90000-0x0000021F13FA0000-memory.dmp	redtiger_stealer_detection_v2
behavioral2/memory/4780-32-0x0000021F13F90000-0x0000021F13FA0000-memory.dmp	staticSred
behavioral2/memory/4780-32-0x0000021F13F90000-0x0000021F13FA0000-memory.dmp	staticred
behavioral2/memory/4780-32-0x0000021F13F90000-0x0000021F13FA0000-memory.dmp	redtiger_stealer_detection_v1
behavioral2/memory/4780-46-0x0000021F13F40000-0x0000021F13F50000-memory.dmp	redtigerv122
behavioral2/memory/4780-46-0x0000021F13F40000-0x0000021F13F50000-memory.dmp	redtigerv22
behavioral2/memory/4780-46-0x0000021F13F40000-0x0000021F13F50000-memory.dmp	redtiger_stealer_detection
behavioral2/memory/4780-46-0x0000021F13F40000-0x0000021F13F50000-memory.dmp	redtiger_stealer_detection_v2
behavioral2/memory/4780-46-0x0000021F13F40000-0x0000021F13F50000-memory.dmp	staticSred
behavioral2/memory/4780-46-0x0000021F13F40000-0x0000021F13F50000-memory.dmp	staticred
behavioral2/memory/4780-46-0x0000021F13F40000-0x0000021F13F50000-memory.dmp	redtiger_stealer_detection_v1
behavioral2/memory/4780-40-0x0000021F13FC0000-0x0000021F13FD0000-memory.dmp	redtigerv122
behavioral2/memory/4780-40-0x0000021F13FC0000-0x0000021F13FD0000-memory.dmp	redtigerv22
behavioral2/memory/4780-40-0x0000021F13FC0000-0x0000021F13FD0000-memory.dmp	redtiger_stealer_detection
behavioral2/memory/4780-40-0x0000021F13FC0000-0x0000021F13FD0000-memory.dmp	redtiger_stealer_detection_v2
behavioral2/memory/4780-40-0x0000021F13FC0000-0x0000021F13FD0000-memory.dmp	staticSred
behavioral2/memory/4780-40-0x0000021F13FC0000-0x0000021F13FD0000-memory.dmp	staticred
behavioral2/memory/4780-40-0x0000021F13FC0000-0x0000021F13FD0000-memory.dmp	redtiger_stealer_detection_v1
behavioral2/memory/4780-37-0x0000021F13CB0000-0x0000021F13F20000-memory.dmp	redtigerv122
behavioral2/memory/4780-37-0x0000021F13CB0000-0x0000021F13F20000-memory.dmp	redtigerv22
behavioral2/memory/4780-37-0x0000021F13CB0000-0x0000021F13F20000-memory.dmp	redtiger_stealer_detection
behavioral2/memory/4780-37-0x0000021F13CB0000-0x0000021F13F20000-memory.dmp	redtiger_stealer_detection_v2
behavioral2/memory/4780-37-0x0000021F13CB0000-0x0000021F13F20000-memory.dmp	staticSred
behavioral2/memory/4780-37-0x0000021F13CB0000-0x0000021F13F20000-memory.dmp	staticred
behavioral2/memory/4780-37-0x0000021F13CB0000-0x0000021F13F20000-memory.dmp	redtiger_stealer_detection_v1
behavioral2/memory/4780-60-0x0000021F13F90000-0x0000021F13FA0000-memory.dmp	redtigerv122
behavioral2/memory/4780-60-0x0000021F13F90000-0x0000021F13FA0000-memory.dmp	redtigerv22
behavioral2/memory/4780-60-0x0000021F13F90000-0x0000021F13FA0000-memory.dmp	redtiger_stealer_detection
behavioral2/memory/4780-60-0x0000021F13F90000-0x0000021F13FA0000-memory.dmp	redtiger_stealer_detection_v2
behavioral2/memory/4780-60-0x0000021F13F90000-0x0000021F13FA0000-memory.dmp	staticSred
behavioral2/memory/4780-60-0x0000021F13F90000-0x0000021F13FA0000-memory.dmp	staticred
behavioral2/memory/4780-60-0x0000021F13F90000-0x0000021F13FA0000-memory.dmp	redtiger_stealer_detection_v1
behavioral2/memory/4780-69-0x0000021F14040000-0x0000021F14050000-memory.dmp	redtigerv122
behavioral2/memory/4780-69-0x0000021F14040000-0x0000021F14050000-memory.dmp	redtigerv22
behavioral2/memory/4780-69-0x0000021F14040000-0x0000021F14050000-memory.dmp	redtiger_stealer_detection
behavioral2/memory/4780-69-0x0000021F14040000-0x0000021F14050000-memory.dmp	redtiger_stealer_detection_v2
behavioral2/memory/4780-69-0x0000021F14040000-0x0000021F14050000-memory.dmp	staticSred
behavioral2/memory/4780-69-0x0000021F14040000-0x0000021F14050000-memory.dmp	staticred
behavioral2/memory/4780-69-0x0000021F14040000-0x0000021F14050000-memory.dmp	redtiger_stealer_detection_v1
behavioral2/memory/4780-73-0x0000021F13FC0000-0x0000021F13FD0000-memory.dmp	redtigerv122
behavioral2/memory/4780-73-0x0000021F13FC0000-0x0000021F13FD0000-memory.dmp	redtigerv22
behavioral2/memory/4780-73-0x0000021F13FC0000-0x0000021F13FD0000-memory.dmp	redtiger_stealer_detection
behavioral2/memory/4780-73-0x0000021F13FC0000-0x0000021F13FD0000-memory.dmp	redtiger_stealer_detection_v2
behavioral2/memory/4780-73-0x0000021F13FC0000-0x0000021F13FD0000-memory.dmp	staticSred
behavioral2/memory/4780-73-0x0000021F13FC0000-0x0000021F13FD0000-memory.dmp	staticred
behavioral2/memory/4780-73-0x0000021F13FC0000-0x0000021F13FD0000-memory.dmp	redtiger_stealer_detection_v1
behavioral2/memory/4780-108-0x0000021F14040000-0x0000021F14050000-memory.dmp	redtigerv122
behavioral2/memory/4780-108-0x0000021F14040000-0x0000021F14050000-memory.dmp	redtigerv22
behavioral2/memory/4780-108-0x0000021F14040000-0x0000021F14050000-memory.dmp	redtiger_stealer_detection
behavioral2/memory/4780-108-0x0000021F14040000-0x0000021F14050000-memory.dmp	redtiger_stealer_detection_v2
behavioral2/memory/4780-108-0x0000021F14040000-0x0000021F14050000-memory.dmp	staticSred
behavioral2/memory/4780-108-0x0000021F14040000-0x0000021F14050000-memory.dmp	staticred
behavioral2/memory/4780-108-0x0000021F14040000-0x0000021F14050000-memory.dmp	redtiger_stealer_detection_v1
behavioral2/memory/4780-112-0x0000021F14050000-0x0000021F14060000-memory.dmp	redtigerv122

Redtiger family
redtiger

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4780	java.exe
4780	java.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Ares-Installer-0.1.jar
1⤵
- Suspicious use of SetWindowsHookEx
PID:4780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4780-2-0x0000021F13CB0000-0x0000021F13F20000-memory.dmp

Filesize
2.4MB

Download
memory/4780-18-0x0000021F13F20000-0x0000021F13F30000-memory.dmp

Filesize
64KB

Download
memory/4780-20-0x0000021F13F30000-0x0000021F13F40000-memory.dmp

Filesize
64KB

Download
memory/4780-22-0x0000021F13F40000-0x0000021F13F50000-memory.dmp

Filesize
64KB

Download
memory/4780-28-0x0000021F13F70000-0x0000021F13F80000-memory.dmp

Filesize
64KB

Download
memory/4780-26-0x0000021F13F60000-0x0000021F13F70000-memory.dmp

Filesize
64KB

Download
memory/4780-25-0x0000021F13F50000-0x0000021F13F60000-memory.dmp

Filesize
64KB

Download
memory/4780-31-0x0000021F13F80000-0x0000021F13F90000-memory.dmp

Filesize
64KB

Download
memory/4780-32-0x0000021F13F90000-0x0000021F13FA0000-memory.dmp

Filesize
64KB

Download
memory/4780-35-0x0000021F13FA0000-0x0000021F13FB0000-memory.dmp

Filesize
64KB

Download
memory/4780-41-0x0000021F13F20000-0x0000021F13F30000-memory.dmp

Filesize
64KB

Download
memory/4780-46-0x0000021F13F40000-0x0000021F13F50000-memory.dmp

Filesize
64KB

Download
memory/4780-50-0x0000021F13FF0000-0x0000021F14000000-memory.dmp

Filesize
64KB

Download
memory/4780-49-0x0000021F13F60000-0x0000021F13F70000-memory.dmp

Filesize
64KB

Download
memory/4780-52-0x0000021F14000000-0x0000021F14010000-memory.dmp

Filesize
64KB

Download
memory/4780-48-0x0000021F13F50000-0x0000021F13F60000-memory.dmp

Filesize
64KB

Download
memory/4780-55-0x0000021F14010000-0x0000021F14020000-memory.dmp

Filesize
64KB

Download
memory/4780-54-0x0000021F13F70000-0x0000021F13F80000-memory.dmp

Filesize
64KB

Download
memory/4780-45-0x0000021F13FE0000-0x0000021F13FF0000-memory.dmp

Filesize
64KB

Download
memory/4780-44-0x0000021F13FD0000-0x0000021F13FE0000-memory.dmp

Filesize
64KB

Download
memory/4780-43-0x0000021F13F30000-0x0000021F13F40000-memory.dmp

Filesize
64KB

Download
memory/4780-40-0x0000021F13FC0000-0x0000021F13FD0000-memory.dmp

Filesize
64KB

Download
memory/4780-39-0x0000021F13FB0000-0x0000021F13FC0000-memory.dmp

Filesize
64KB

Download
memory/4780-37-0x0000021F13CB0000-0x0000021F13F20000-memory.dmp

Filesize
2.4MB

Download
memory/4780-56-0x0000021F123D0000-0x0000021F123D1000-memory.dmp

Filesize
4KB

Download
memory/4780-59-0x0000021F13F80000-0x0000021F13F90000-memory.dmp

Filesize
64KB

Download
memory/4780-61-0x0000021F14020000-0x0000021F14030000-memory.dmp

Filesize
64KB

Download
memory/4780-60-0x0000021F13F90000-0x0000021F13FA0000-memory.dmp

Filesize
64KB

Download
memory/4780-65-0x0000021F14030000-0x0000021F14040000-memory.dmp

Filesize
64KB

Download
memory/4780-68-0x0000021F13FA0000-0x0000021F13FB0000-memory.dmp

Filesize
64KB

Download
memory/4780-69-0x0000021F14040000-0x0000021F14050000-memory.dmp

Filesize
64KB

Download
memory/4780-71-0x0000021F14050000-0x0000021F14060000-memory.dmp

Filesize
64KB

Download
memory/4780-70-0x0000021F13FB0000-0x0000021F13FC0000-memory.dmp

Filesize
64KB

Download
memory/4780-74-0x0000021F14060000-0x0000021F14070000-memory.dmp

Filesize
64KB

Download
memory/4780-73-0x0000021F13FC0000-0x0000021F13FD0000-memory.dmp

Filesize
64KB

Download
memory/4780-77-0x0000021F13FD0000-0x0000021F13FE0000-memory.dmp

Filesize
64KB

Download
memory/4780-80-0x0000021F14080000-0x0000021F14090000-memory.dmp

Filesize
64KB

Download
memory/4780-79-0x0000021F14070000-0x0000021F14080000-memory.dmp

Filesize
64KB

Download
memory/4780-78-0x0000021F13FE0000-0x0000021F13FF0000-memory.dmp

Filesize
64KB

Download
memory/4780-83-0x0000021F13FF0000-0x0000021F14000000-memory.dmp

Filesize
64KB

Download
memory/4780-84-0x0000021F14090000-0x0000021F140A0000-memory.dmp

Filesize
64KB

Download
memory/4780-86-0x0000021F123D0000-0x0000021F123D1000-memory.dmp

Filesize
4KB

Download
memory/4780-90-0x0000021F14000000-0x0000021F14010000-memory.dmp

Filesize
64KB

Download
memory/4780-91-0x0000021F140A0000-0x0000021F140B0000-memory.dmp

Filesize
64KB

Download
memory/4780-92-0x0000021F123D0000-0x0000021F123D1000-memory.dmp

Filesize
4KB

Download
memory/4780-94-0x0000021F14010000-0x0000021F14020000-memory.dmp

Filesize
64KB

Download
memory/4780-95-0x0000021F140B0000-0x0000021F140C0000-memory.dmp

Filesize
64KB

Download
memory/4780-101-0x0000021F14020000-0x0000021F14030000-memory.dmp

Filesize
64KB

Download
memory/4780-102-0x0000021F140C0000-0x0000021F140D0000-memory.dmp

Filesize
64KB

Download
memory/4780-106-0x0000021F140D0000-0x0000021F140E0000-memory.dmp

Filesize
64KB

Download
memory/4780-105-0x0000021F14030000-0x0000021F14040000-memory.dmp

Filesize
64KB

Download
memory/4780-109-0x0000021F140E0000-0x0000021F140F0000-memory.dmp

Filesize
64KB

Download
memory/4780-108-0x0000021F14040000-0x0000021F14050000-memory.dmp

Filesize
64KB

Download
memory/4780-110-0x0000021F123D0000-0x0000021F123D1000-memory.dmp

Filesize
4KB

Download
memory/4780-113-0x0000021F140F0000-0x0000021F14100000-memory.dmp

Filesize
64KB

Download
memory/4780-112-0x0000021F14050000-0x0000021F14060000-memory.dmp

Filesize
64KB

Download
memory/4780-116-0x0000021F123D0000-0x0000021F123D1000-memory.dmp

Filesize
4KB

Download
memory/4780-118-0x0000021F14060000-0x0000021F14070000-memory.dmp

Filesize
64KB

Download
memory/4780-119-0x0000021F14100000-0x0000021F14110000-memory.dmp

Filesize
64KB

Download
memory/4780-121-0x0000021F14070000-0x0000021F14080000-memory.dmp

Filesize
64KB

Download
memory/4780-122-0x0000021F14080000-0x0000021F14090000-memory.dmp

Filesize
64KB

Download
memory/4780-124-0x0000021F14090000-0x0000021F140A0000-memory.dmp

Filesize
64KB

Download
memory/4780-125-0x0000021F140A0000-0x0000021F140B0000-memory.dmp

Filesize
64KB

Download
memory/4780-126-0x0000021F140B0000-0x0000021F140C0000-memory.dmp

Filesize
64KB

Download
memory/4780-127-0x0000021F140C0000-0x0000021F140D0000-memory.dmp

Filesize
64KB

Download
memory/4780-128-0x0000021F140D0000-0x0000021F140E0000-memory.dmp

Filesize
64KB

Download
memory/4780-129-0x0000021F140E0000-0x0000021F140F0000-memory.dmp

Filesize
64KB

Download
memory/4780-130-0x0000021F140F0000-0x0000021F14100000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads