General
Target: bee21ffa9386ae7feef30f9e990983b7dfdc116edf263fd9243ae7ebdfb0e6bc
Size: 186KB
Sample: 221124-sj6zqacc34
MD5: f57f3df41e4e1123477d9e31a319e463
SHA1: bea4a79f6661843f75f41ea9d7ecd5afdfd9fb09
SHA256: bee21ffa9386ae7feef30f9e990983b7dfdc116edf263fd9243ae7ebdfb0e6bc
SHA512: 9d12426c7fe90ce67ad5f0c3e6fa3ca64ce91484550398e6b11ca6b22aa7d88ee1f678ae3cc120ae2685d23636730c77df74af48334b6e87703999650b38dfe1
SSDEEP: 3072:VsWWyp/VkRjnY7YLvDNjrQuP5UZ+BXlzUW9Bi9SKrAtMUrH:NW+VxYLLNj0dZ+Bh9BoSKct7
Static task: static1
Behavioral task: behavioral1
Sample: bee21ffa9386ae7feef30f9e990983b7dfdc116edf263fd9243ae7ebdfb0e6bc.exe
Resource: win10-20220901-en
Malware Config
Extracted: amadey 3.50
  193.56.146.174/g84kvj4jck/index.php
  193.56.146.194/h49vlBP/index.php
Extracted: redline
  KRIPT
  212.8.246.157:32348
  auth_value: 80ebe4bab7a98a7ce9c75989ff9f40b4
Targets
Target: bee21ffa9386ae7feef30f9e990983b7dfdc116edf263fd9243ae7ebdfb0e6bc
Size: 186KB
MD5: f57f3df41e4e1123477d9e31a319e463
SHA1: bea4a79f6661843f75f41ea9d7ecd5afdfd9fb09
SHA256: bee21ffa9386ae7feef30f9e990983b7dfdc116edf263fd9243ae7ebdfb0e6bc
SHA512: 9d12426c7fe90ce67ad5f0c3e6fa3ca64ce91484550398e6b11ca6b22aa7d88ee1f678ae3cc120ae2685d23636730c77df74af48334b6e87703999650b38dfe1
SSDEEP: 3072:VsWWyp/VkRjnY7YLvDNjrQuP5UZ+BXlzUW9Bi9SKrAtMUrH:NW+VxYLLNj0dZ+Bh9BoSKct7
Detects Smokeloader packer
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Downloads MZ/PE file
Executes dropped EXE
Deletes itself
Loads dropped DLL
Uses the VBS compiler for execution
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext