General
Target: 6122924f2393d69b3d9c563736b33ca5182023d9d26c17edd34926ce1f844d7b.exe
Size: 2.1MB
Sample: 220125-wnpg1sceg6
MD5: b921d63f6ae85b6d2d3fa919c58fd6a1
SHA1: 6d5f63c59b997ef02aca36e6dabebf30457f87d2
SHA256: 6122924f2393d69b3d9c563736b33ca5182023d9d26c17edd34926ce1f844d7b
SHA512: 75b6b4e8f96aa901761d451151ab7941fd967ca274200f19a12c166ade471453ff7282bc5cb1d733cd36eadc3a3b4d8c08caf788810f9fc94a4419be035df5f0
Static task: static1
Behavioral task: behavioral1
Sample: 6122924f2393d69b3d9c563736b33ca5182023d9d26c17edd34926ce1f844d7b.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: amadey
Version: 3.01
C2: 185.215.113.47/k0uTrd3d/index.php
Extracted
Family: redline
Botnet: GLADIATOR
C2: 185.215.113.107:1433
Extracted
Family: redline
Botnet: KANBUCHA
C2: 185.215.113.107:1433
Targets
Target: 6122924f2393d69b3d9c563736b33ca5182023d9d26c17edd34926ce1f844d7b.exe
Size: 2.1MB
MD5: b921d63f6ae85b6d2d3fa919c58fd6a1
SHA1: 6d5f63c59b997ef02aca36e6dabebf30457f87d2
SHA256: 6122924f2393d69b3d9c563736b33ca5182023d9d26c17edd34926ce1f844d7b
SHA512: 75b6b4e8f96aa901761d451151ab7941fd967ca274200f19a12c166ade471453ff7282bc5cb1d733cd36eadc3a3b4d8c08caf788810f9fc94a4419be035df5f0
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext