General

- Target: ec84cc9018c5c31eb791e6bf91eaa84c88b7d57b80fa637ceccd062aa419e46f
- Size: 247KB
- Sample: 221125-k7vycsba5t
- MD5: 24b4c7a0509d3f9a464ce3527db60c89
- SHA1: cf6de67ae26755b5d5f734f722a2e245e4e144a7
- SHA256: ec84cc9018c5c31eb791e6bf91eaa84c88b7d57b80fa637ceccd062aa419e46f
- SHA512: d4cdcbb6f3b0d1213cacd0828dcbc48be17c5d71965717b80c36c36ce0201e50811a228c0c79eac7ea1b55eeee77ff32d1c44786023f2722dd555637a83b5634
- SSDEEP: 6144:i2s0+LRZuyb7hLKwDfEHIoNXk34z6YpXWu:i2n+Huyb1WwDfNoEYh

Static task: static1
Behavioral task: behavioral1
Sample: ec84cc9018c5c31eb791e6bf91eaa84c88b7d57b80fa637ceccd062aa419e46f.exe
Resource: win10v2004-20220812-en

Malware Config

Extracted: amadey 3.50
- 193.56.146.174/g84kvj4jck/index.php

Extracted: redline ritchshit
- 94.103.183.33:80
- auth_value: 98c1a18edcc6e04afa19a0ee3b16a6e2
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext