Edit tour

Windows Analysis Report
dump-6712fc982192d3f301cda237.exe

Overview

Sample name:	dump-6712fc982192d3f301cda237.exe
Analysis ID:	1537511
MD5:	3de539e280954c1083481598569d4506
SHA1:	684b851290faadcb3a08b905b8c136599f562936
SHA256:	0f88ab5ce2544b2bfe515e5b808f9c723e467bb609d7890e2242d9a76b966da7
Tags:	exeuser-V3n0mStrike
Infos:
Errors No process behavior to analyse as no analysis process or sample was found Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

RedLine

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected RedLine Stealer

Machine Learning detection for sample

PE file does not import any functions

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Yara detected Credential Stealer

Yara signature match

Provided by

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

⊘No configs have been found

Source	Rule	Description	Author	Strings
dump-6712fc982192d3f301cda237.exe	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
dump-6712fc982192d3f301cda237.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump-6712fc982192d3f301cda237.exe	MALWARE_Win_Arechclient2	Detects Arechclient2 RAT	ditekSHen	0xba44a:$s14: keybd_event 0xc11b9:$v1_1: grabber@ 0xbb01c:$v1_2: <BrowserProfile>k__ 0xbba95:$v1_3: <SystemHardwares>k__ 0xbbb54:$v1_5: <ScannedWallets>k__ 0xbbbe4:$v1_6: <DicrFiles>k__ 0xbbbc0:$v1_7: <MessageClientFiles>k__ 0xbbf8a:$v1_8: <ScanBrowsers>k__BackingField 0xbbfdc:$v1_8: <ScanWallets>k__BackingField 0xbbff9:$v1_8: <ScanScreen>k__BackingField 0xbc033:$v1_8: <ScanVPN>k__BackingField 0xad862:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost 0xad16e:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig

⊘No Sigma rule has matched

⊘No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

AV Detection