General

Target: eeaec536b77eeec1a4324ec70bf2d9413cf0a077b6ed2a3de2fcb00fe5c84ed9
Size: 232KB
Sample: 221125-mntmasba38
MD5: 6da7121b837e329ab2de46b14236949a
SHA1: 7a37c5bcb4b1c6792e27f383e66560349303c487
SHA256: eeaec536b77eeec1a4324ec70bf2d9413cf0a077b6ed2a3de2fcb00fe5c84ed9
SHA512: ff2545ab85ad69e5f3379198d5e994a2a8bd62f19d2d29be1a2a82017850d7fc0355319eb72036dc5566beb9c2ca2f3603b579779f11568dd2d5dcda4b456f1c
SSDEEP: 6144:XQmLNilAiGPKyV5ER3bkEQZkTjFfRX0W:Xf5ilAieV563gEqKRXB
Static task: static1
Behavioral task: behavioral1
Sample: eeaec536b77eeec1a4324ec70bf2d9413cf0a077b6ed2a3de2fcb00fe5c84ed9.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted: amadey
Version: 3.50
C2: 193.56.146.174/g84kvj4jck/index.php

Extracted: redline
Botnet: ritchshit
C2: 94.103.183.33:80
auth_value: 98c1a18edcc6e04afa19a0ee3b16a6e2
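The extracted configs give two network indicators (the Amadey panel endpoint and the RedLine ip:port) plus the file hashes. The following is an added example, not part of the sandbox report, showing how a responder would sweep those indicators across egress logs and a file-hash inventory. The log line format, the log lines, the inventory rows and the host names in it are constructed for the demonstration; only the hashes and C2 values come from the report.

```python
"""IOC sweep for the Amadey / RedLine indicators extracted above.

Added example, not part of the sandbox report. The hashes and C2 values
are the ones the report lists; the egress-log format, the log lines and
the file inventory below are constructed for the demonstration.
"""
import re
from urllib.parse import urlparse

# File hashes of the sample (from the report).
SAMPLE_HASHES = {
    "md5": "6da7121b837e329ab2de46b14236949a",
    "sha1": "7a37c5bcb4b1c6792e27f383e66560349303c487",
    "sha256": "eeaec536b77eeec1a4324ec70bf2d9413cf0a077b6ed2a3de2fcb00fe5c84ed9",
}
# Amadey 3.50 C2 from the extracted config: host plus panel path.
AMADEY_C2_HOST = "193.56.146.174"
AMADEY_C2_PATH = "/g84kvj4jck/index.php"
# RedLine C2 (botnet "ritchshit") from the extracted config: host:port.
# The auth_value is a bot-side token, not something matched on the wire here.
REDLINE_C2_HOST = "94.103.183.33"
REDLINE_C2_PORT = 80

# Constructed egress-log line shape: <ts> <src_host> <dst_ip>:<port> <url or ->
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>[\d.]+):(?P<port>\d+)\s+(?P<url>\S+)$"
)


def parse_log(text):
    """Parse the constructed egress log into dicts; reject malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LOG_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable log line: {line!r}")
        rec = m.groupdict()
        rec["port"] = int(rec["port"])
        rec["url"] = None if rec["url"] == "-" else rec["url"]
        records.append(rec)
    return records


def classify(rec):
    """Label a record by the C2 indicator it matches, or None."""
    if rec["dst"] == AMADEY_C2_HOST:
        # The exact panel path is the strongest match; any traffic to the
        # host is still worth a ticket, since the config names one endpoint.
        if rec["url"] and urlparse(rec["url"]).path == AMADEY_C2_PATH:
            return "amadey-c2-panel"
        return "amadey-c2-host"
    if rec["dst"] == REDLINE_C2_HOST:
        return "redline-c2" if rec["port"] == REDLINE_C2_PORT else "redline-c2-host"
    return None


def sweep_network(text):
    """Return (src_host, dst_ip, port, label) for every matching log line."""
    hits = []
    for rec in parse_log(text):
        label = classify(rec)
        if label is not None:
            hits.append((rec["src"], rec["dst"], rec["port"], label))
    return hits


def sweep_hashes(inventory):
    """inventory: (host, path, algo, hexdigest) rows; return (host, path) matches."""
    wanted = {(algo, digest) for algo, digest in SAMPLE_HASHES.items()}
    return [
        (host, path)
        for host, path, algo, digest in inventory
        if (algo.lower(), digest.lower()) in wanted
    ]


# Constructed sample data: two hosts, one of them talking to both C2s.
SAMPLE_LOG = """\
# ts src_host dst_ip:port url
2022-11-25T10:14:02Z ws-017 193.56.146.174:80 http://193.56.146.174/g84kvj4jck/index.php
2022-11-25T10:14:05Z ws-017 94.103.183.33:80 -
2022-11-25T10:14:09Z ws-017 193.56.146.174:80 http://193.56.146.174/g84kvj4jck/
2022-11-25T10:15:00Z ws-022 203.0.113.10:443 https://example.com/
2022-11-25T10:16:30Z ws-022 94.103.183.33:443 -
"""
SAMPLE_INVENTORY = [
    ("ws-017", r"C:\Users\u\AppData\Local\Temp\setup.exe", "SHA256",
     "EEAEC536B77EEEC1A4324EC70BF2D9413CF0A077B6ED2A3DE2FCB00FE5C84ED9"),
    ("ws-022", r"C:\Windows\System32\notepad.exe", "SHA256", "0" * 64),
]

if __name__ == "__main__":
    for hit in sweep_network(SAMPLE_LOG):
        print("network:", *hit)
    for hit in sweep_hashes(SAMPLE_INVENTORY):
        print("file:", *hit)
```

Hash comparison is case-insensitive because EDR exports disagree on case; the RedLine match distinguishes the configured port from other ports on the same host so that a different listener on 94.103.183.33 is still surfaced, but with a weaker label.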
Targets

Target: eeaec536b77eeec1a4324ec70bf2d9413cf0a077b6ed2a3de2fcb00fe5c84ed9
Size: 232KB
MD5: 6da7121b837e329ab2de46b14236949a
SHA1: 7a37c5bcb4b1c6792e27f383e66560349303c487
SHA256: eeaec536b77eeec1a4324ec70bf2d9413cf0a077b6ed2a3de2fcb00fe5c84ed9
SHA512: ff2545ab85ad69e5f3379198d5e994a2a8bd62f19d2d29be1a2a82017850d7fc0355319eb72036dc5566beb9c2ca2f3603b579779f11568dd2d5dcda4b456f1c
SSDEEP: 6144:XQmLNilAiGPKyV5ER3bkEQZkTjFfRX0W:Xf5ilAieV563gEqKRXB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext
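Several of the signatures above map directly onto host telemetry a SOC already collects: the Run-key write and the dropped-EXE execution show up in Sysmon-style registry and process-creation events, and the compiler launch is a parent/child relationship. The following is an added example, not part of the sandbox report, that runs that mapping over a constructed event stream. The event dict shape, the sample events and paths, the Temp/AppData heuristic for "dropped EXE", the reading of "uses the VBS compiler" as vbc.exe being started as an injection host, and the Geo\Nation registry key for the location check are all assumptions made for the demonstration, not details taken from the report. SetThreadContext is deliberately not covered: it needs API-level tracing that process and registry events do not provide.

```python
r"""Map the behavioural signatures in the report onto host telemetry.

Added example, not part of the sandbox report. The event dicts imitate
Sysmon-style process-creation and registry-set events plus a
sandbox-style registry read; the sample events, the Temp/AppData
heuristic for "dropped EXE", the Geo\Nation key for the location check
and the vbc.exe reading of "uses the VBS compiler" are assumptions.
"""

# Assumption: the location check reads the configured country code from
# HKCU\Control Panel\International\Geo\Nation.
GEO_KEY_SUFFIX = r"\control panel\international\geo\nation"
RUN_KEY_SUFFIXES = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
)
# Assumption: "uses the VBS compiler" means vbc.exe (the VB.NET compiler)
# is started as a hollowing/injection host; csc.exe is the C# equivalent.
COMPILER_HOSTS = {"vbc.exe", "csc.exe"}
BUILD_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def basename(path):
    """Lower-cased final path component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def in_user_writable_dir(path):
    """Heuristic for 'dropped' binaries: image lives under a user-writable dir."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage_event(ev):
    """Return (signature, detail) findings for one event dict."""
    findings = []
    kind = ev["type"]
    if kind == "process_create":
        img, parent = basename(ev["image"]), basename(ev["parent_image"])
        if img in COMPILER_HOSTS and parent not in BUILD_PARENTS:
            findings.append(("compiler-as-host", f"{parent} -> {img}"))
        if in_user_writable_dir(ev["image"]) and img not in COMPILER_HOSTS:
            findings.append(("dropped-exe", ev["image"]))
    elif kind == "registry_set":
        key = ev["key"].lower()
        if any(key.endswith(s) for s in RUN_KEY_SUFFIXES):
            findings.append(("run-key-persistence", f"{ev['value']} = {ev['data']}"))
    elif kind == "registry_query":
        if ev["key"].lower().endswith(GEO_KEY_SUFFIX):
            findings.append(("geo-check", ev["key"]))
    return findings


def triage(events):
    """Flatten findings over an event stream, preserving event order."""
    out = []
    for ev in events:
        out.extend(triage_event(ev))
    return out


# Constructed events: the sample path and every other path are made up.
SAMPLE = r"C:\Users\u\AppData\Local\Temp\sample.exe"
SAMPLE_EVENTS = [
    {"type": "process_create", "parent_image": SAMPLE,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Users\u\AppData\Roaming\svc.exe"},
    {"type": "registry_query",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "process_create", "parent_image": SAMPLE,
     "image": r"C:\Users\u\AppData\Local\Temp\dropped.exe"},
    # Benign: the build system legitimately launches vbc.exe.
    {"type": "process_create",
     "parent_image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    {"type": "process_create",
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Example\app.exe"},
]

if __name__ == "__main__":
    for sig, detail in triage(SAMPLE_EVENTS):
        print(f"{sig:22s} {detail}")
```

The build-parent allow-list is what keeps the compiler rule usable on developer workstations; on a fleet without .NET build tooling it can be dropped so that any vbc.exe or csc.exe launch is flagged.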