General
Target: d72ba95c67364911636a82f711732eb67e235bb31b17928e832228e847d25890
Size: 241KB
Sample: 221124-18fstsfh8s
MD5: 3c0eaa80d5332030e07f85fbd5960044
SHA1: 4f3495495a1eb31709949979dc78c23406eb9648
SHA256: d72ba95c67364911636a82f711732eb67e235bb31b17928e832228e847d25890
SHA512: 4380fc3af96039f15b5094fa05c70b7bfdb0c93443816d48017e2e31532ef224acf8b23f113ff570189e53faa126529cc9574b04869d68a20ede2df7a5d0a9aa
SSDEEP: 6144:6BizIWRzBlSIiLaliSMrf5ujpmzqaAl5LiS:6asaxMNujpcqae4S
Behavioral task behavioral1
Sample: d72ba95c67364911636a82f711732eb67e235bb31b17928e832228e847d25890.exe
Resource: win7-20221111-en
Behavioral task behavioral2
Sample: d72ba95c67364911636a82f711732eb67e235bb31b17928e832228e847d25890.exe
Resource: win10-20220812-en
Malware Config
Extracted: amadey
Version: 3.50
C2: 1h3art.me/i4kvjd3xc/index.php
C2: 193.56.146.174/g84kvj4jck/index.php
Extracted: redline
Botnet ID: 5139967220
C2: 79.137.192.6:8362
Extracted: laplas
C2: 79.137.206.137
api_key: 0f183cb4288647960d1c458ed8456bf6524ebfbc16ebc53caab66c2376fd0eef
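The C2 indicators in the extracted configs (two Amadey URLs, one RedLine host:port, one Laplas host) are the part of this report that transfers directly into network detection. The following is an added example, not part of the sandbox report and not tooling from any of the families named here: it parses those indicators into host, port and path components, runs them over a few constructed connection records (timestamp, source, destination IP, destination port, HTTP Host, URI; the records, the 10.0.0.x sources and the 203.0.113.10 / 198.51.100.7 addresses are invented for the example), and separates exact hits from host-only hits, since RedLine ports and Amadey paths get rotated. It also carries the report's file hashes so a sample on disk can be confirmed as this one.

```python
"""Match the extracted C2 indicators against connection records.

Added example; the log records below are constructed for illustration and the
203.0.113.10 / 198.51.100.7 addresses are documentation-range placeholders,
not values from the report.
"""
import hashlib
from dataclasses import dataclass
from typing import Optional

# Indicators copied from the extracted configs in the report above.
C2_INDICATORS = {
    "amadey": ["1h3art.me/i4kvjd3xc/index.php",
               "193.56.146.174/g84kvj4jck/index.php"],
    "redline": ["79.137.192.6:8362"],
    "laplas": ["79.137.206.137"],
}

# File hashes from the report, for confirming a sample on disk is this one.
REPORT_HASHES = {
    "md5": "3c0eaa80d5332030e07f85fbd5960044",
    "sha1": "4f3495495a1eb31709949979dc78c23406eb9648",
    "sha256": "d72ba95c67364911636a82f711732eb67e235bb31b17928e832228e847d25890",
}

# Constructed records: ts src dst_ip dst_port http_host uri ("-" = not HTTP).
SAMPLE_LOG = """\
2022-11-24T18:05:12Z 10.0.0.5 193.56.146.174 80 193.56.146.174 /g84kvj4jck/index.php
2022-11-24T18:05:14Z 10.0.0.5 79.137.192.6 8362 - -
2022-11-24T18:05:20Z 10.0.0.5 79.137.192.6 443 - -
2022-11-24T18:06:01Z 10.0.0.7 203.0.113.10 80 1h3art.me /index.php
2022-11-24T18:06:30Z 10.0.0.7 79.137.206.137 443 - -
2022-11-24T18:07:00Z 10.0.0.9 198.51.100.7 443 www.example.com /
"""


@dataclass(frozen=True)
class Indicator:
    family: str
    host: str
    port: Optional[int]   # None: indicator does not pin a port
    path: Optional[str]   # None: indicator is a bare host (non-HTTP C2)


def parse_indicator(family: str, raw: str) -> Indicator:
    """Split 'host[:port][/path]' into components; absent parts become None."""
    hostport, slash, path = raw.partition("/")
    host, _, port = hostport.partition(":")
    return Indicator(family, host.lower(), int(port) if port else None,
                     "/" + path if slash else None)


INDICATORS = [parse_indicator(fam, raw)
              for fam, raws in C2_INDICATORS.items() for raw in raws]


def match_record(dst_ip, dst_port, http_host, uri):
    """Return [(family, strength)] for one record.

    'exact'     every component present in the indicator agrees
    'host-only' the host/IP agrees but the port or path does not; still
                worth a look because C2 ports and URL paths get rotated
    """
    hits = []
    seen = {dst_ip.lower(), http_host.lower()} - {"-", ""}
    for ioc in INDICATORS:
        if ioc.host not in seen:
            continue
        exact = ((ioc.port is None or ioc.port == dst_port)
                 and (ioc.path is None or ioc.path == uri))
        hits.append((ioc.family, "exact" if exact else "host-only"))
    return hits


def scan(log_text):
    """Walk whitespace-separated records; collect (ts, src, family, strength)."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst_ip, dst_port, http_host, uri = line.split()
        for family, strength in match_record(dst_ip, int(dst_port), http_host, uri):
            results.append((ts, src, family, strength))
    return results


def check_hashes(data: bytes):
    """Compare a candidate file's digests with the report's MD5/SHA1/SHA256."""
    return {name: hashlib.new(name, data).hexdigest() == expected
            for name, expected in REPORT_HASHES.items()}


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Treat host-only hits as leads rather than verdicts: an IP gets reassigned and a domain can front unrelated content, whereas an exact hit on the Amadey path or the RedLine port is strong. Hash checking belongs before any of this: the SSDEEP value in the report is the tool to reach for when the on-disk file has been repacked and the exact digests no longer match.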
Targets
Target: d72ba95c67364911636a82f711732eb67e235bb31b17928e832228e847d25890
- Detects LgoogLoader payload
- LgoogLoader: A downloader capable of dropping and executing other malware families.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Sets service image path in registry
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext
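Four of the host-side signatures above ("Adds Run key to start application", "Sets service image path in registry", "Uses the VBS compiler for execution", "Suspicious use of SetThreadContext") map onto endpoint telemetry that most environments already collect. The Python below is an added example, not the sandbox's own signature logic: it scans constructed records in a simplified Sysmon-like layout (registry value-set and process-create events; the paths, SID, service names and the updater.exe / svchelper names are invented), flags Run/RunOnce values and service ImagePath values, raises the severity when the referenced binary lives in a user-writable directory, and flags vbc.exe launched by a parent in such a directory. Treating vbc.exe as the injection host is an assumption: the report says SetThreadContext was used and that the VB compiler was executed, but does not name the process that received the injected code.

```python
"""Endpoint rules for the persistence and injection signatures in the report.

Added example. Records are a constructed, simplified Sysmon-like layout:
  13|Image|TargetObject|Details      registry value set
  1|Image|ParentImage|CommandLine    process create
None of the paths, names or SIDs below come from the sample.
"""
import re

SAMPLE_EVENTS = r"""
13|C:\Users\victim\AppData\Local\Temp\updater.exe|HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\updater|C:\Users\victim\AppData\Local\Temp\updater.exe
13|C:\Windows\System32\services.exe|HKLM\System\CurrentControlSet\Services\svchelper\ImagePath|C:\ProgramData\svchelper\svchelper.exe
13|C:\Windows\System32\services.exe|HKLM\System\CurrentControlSet\Services\wuauserv\ImagePath|%SystemRoot%\system32\svchost.exe -k netsvcs -p
13|C:\Program Files\Vendor\app.exe|HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\VendorApp|"C:\Program Files\Vendor\app.exe" /tray
13|C:\Windows\explorer.exe|HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|DWORD (0x00000001)
1|C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe|C:\Users\victim\AppData\Local\Temp\updater.exe|C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
1|C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe|C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe|vbc.exe /noconfig @C:\Users\dev\AppData\Local\Temp\tmp1.cmdline
"""

# Run / RunOnce values under any hive ("Adds Run key to start application").
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)
# ImagePath of any service ("Sets service image path in registry").
SERVICE_IMAGE = re.compile(r"\\Services\\[^\\]+\\ImagePath$", re.I)
# Locations a standard user can write to; a persistence target here is worse
# than one under Program Files or System32.
USER_WRITABLE = re.compile(
    r"\\(Users\\[^\\]+\\AppData|ProgramData|Temp|Users\\Public)\\", re.I)


def classify(fields):
    """Return (image, technique, severity) for a record, or None if benign."""
    kind = fields[0]
    if kind == "13":
        _, image, target, details = fields
        if RUN_KEY.search(target):
            technique = "run-key-persistence"
        elif SERVICE_IMAGE.search(target):
            technique = "service-imagepath"
        else:
            return None
        severity = "high" if USER_WRITABLE.search(details) else "medium"
        return image, technique, severity
    if kind == "1":
        _, image, parent, _cmdline = fields
        # Assumption: vbc.exe is the hollowing host. A compiler started by a
        # binary in a user-writable directory has no honest build going on.
        if image.lower().endswith(r"\vbc.exe") and USER_WRITABLE.search(parent):
            return image, "vbc-host-from-user-writable-parent", "high"
    return None


def scan_events(text):
    """Parse pipe-delimited records and return every hit in input order."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        hit = classify(line.split("|", 3))
        if hit:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(hit)
```

One caveat on attribution: when a service is registered through the Service Control Manager, the process that writes ImagePath is services.exe, so the Image field on that event names the writer, not the installer. Correlate with the process that called the SCM, or with System log event 7045, before blaming a binary. Benign installers add Run keys all day, which is why the rule scores by the target path rather than by the key alone; the medium hits in the sample are there to show that the rule does not fire at high on them.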