General
- Target: 80923a0d7111b0a1fa4326e3a9a0d9ecb7ce66e276f8672aa79e2b5d99473fab.exe
- Size: 839KB
- Sample: 240626-brdvgayejm
- MD5: ebc4b354d6ec654829f9de447d0c7b04
- SHA1: 9e5d3ccae0d22bd27f8ae39b2f35b274dabd7fd1
- SHA256: 80923a0d7111b0a1fa4326e3a9a0d9ecb7ce66e276f8672aa79e2b5d99473fab
- SHA512: 1cb3487cf2f1864d22d3148b30ecf70794567af3a84c9ba5f2d16b5dac38017347c4efb92e4978ebfe57588c5883a2ebe4af33e83eaafad99de202548fd0048e
- SSDEEP: 24576:3CIQgVHOEqG7111cZRHVzutBSRhmG5ep:yAH1KL1zwBSRhmAI
Static task: static1
Behavioral task: behavioral1
  Sample: 80923a0d7111b0a1fa4326e3a9a0d9ecb7ce66e276f8672aa79e2b5d99473fab.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 80923a0d7111b0a1fa4326e3a9a0d9ecb7ce66e276f8672aa79e2b5d99473fab.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted
  Family: xworm
  Version: 5.0
  C2: 79.110.49.209:7000
  Mutex: biVc5L0dNUTxuebk
  - install_file: USB.exe
Extracted
  Family: redline
  Botnet: X3.0 Foundry
  C2: 79.110.49.209:37552
Targets
- Target: 80923a0d7111b0a1fa4326e3a9a0d9ecb7ce66e276f8672aa79e2b5d99473fab.exe
- Size: 839KB
- MD5: ebc4b354d6ec654829f9de447d0c7b04
- SHA1: 9e5d3ccae0d22bd27f8ae39b2f35b274dabd7fd1
- SHA256: 80923a0d7111b0a1fa4326e3a9a0d9ecb7ce66e276f8672aa79e2b5d99473fab
- SHA512: 1cb3487cf2f1864d22d3148b30ecf70794567af3a84c9ba5f2d16b5dac38017347c4efb92e4978ebfe57588c5883a2ebe4af33e83eaafad99de202548fd0048e
- SSDEEP: 24576:3CIQgVHOEqG7111cZRHVzutBSRhmG5ep:yAH1KL1zwBSRhmAI
Signatures
- Detect Xworm Payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Detect binaries embedding a considerable number of cryptocurrency wallet browser extension IDs.
- Detects Windows executables referencing non-Windows User-Agents
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.