General
-
Target
74e1d92213c0f1cad8c5387f8ec54f7c901a76596afb9e88c30fdd6bca4f005b.exe
-
Size
336KB
-
Sample
220524-jr6jgsgbd7
-
MD5
53f54f7688b7becf3f68ca1ac3cb3565
-
SHA1
b99a8ee9253186f3a19e750e4b9a7cecedb30136
-
SHA256
74e1d92213c0f1cad8c5387f8ec54f7c901a76596afb9e88c30fdd6bca4f005b
-
SHA512
a94b97891ae3e7c202746e13912737e9047ba0f5e344ad22c6eba54e15178935db2b3e9b94eb2759294de171588a6cd42ade38dc1bdb98fd16ddafccec6591ad
Static task
static1
Behavioral task
behavioral1
Sample
74e1d92213c0f1cad8c5387f8ec54f7c901a76596afb9e88c30fdd6bca4f005b.exe
Resource
win7-20220414-en
Malware Config
Extracted
amadey
3.10
185.215.113.35/d2VxjasuwS_old/index.php
Extracted
redline
9
185.62.58.140:41022
-
auth_value
185c92a51d0022998b6da3a38f6a9117
Targets
-
-
Target
74e1d92213c0f1cad8c5387f8ec54f7c901a76596afb9e88c30fdd6bca4f005b.exe
-
Size
336KB
-
MD5
53f54f7688b7becf3f68ca1ac3cb3565
-
SHA1
b99a8ee9253186f3a19e750e4b9a7cecedb30136
-
SHA256
74e1d92213c0f1cad8c5387f8ec54f7c901a76596afb9e88c30fdd6bca4f005b
-
SHA512
a94b97891ae3e7c202746e13912737e9047ba0f5e344ad22c6eba54e15178935db2b3e9b94eb2759294de171588a6cd42ade38dc1bdb98fd16ddafccec6591ad
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-