General
-
Target
afa3880c77bd7aea62c6474c6ebc9ea54efe957c3f8e737de46a73abaae10c4c
-
Size
209KB
-
Sample
221127-lgj9lsfd64
-
MD5
dc590962ae5479d9120fbd6c6f35e020
-
SHA1
deb16b492c5fb92cb2407fda236f96a77c352b2b
-
SHA256
afa3880c77bd7aea62c6474c6ebc9ea54efe957c3f8e737de46a73abaae10c4c
-
SHA512
d428e1ce4ba5a1e9be294b550e7788af4e73be266c46627be935511a80e61b35d924193f46f81d0b4c173c677ac7e4920d70fe389dc4e530ee33cd52860c581f
-
SSDEEP
3072:7Q7AnVHOnEE5nO6NNJxejwOCg/uj4pK0bvtw8Dz+I0t+ikZIagkmT6ipKI6WBab:OcunFriHmIK0bCnI++vZYkPipO
Static task
static1
Behavioral task
behavioral1
Sample
afa3880c77bd7aea62c6474c6ebc9ea54efe957c3f8e737de46a73abaae10c4c.exe
Resource
win10-20220901-en
Malware Config
Extracted
amadey
3.50
193.56.146.194/h49vlBP/index.php
Extracted
redline
NewYear2023
185.106.92.111:2510
-
auth_value
99e9bde3b38509ea98c3316cc27e6106
Extracted
laplas
clipper.guru
-
api_key
ace492e9661223449782fcc8096dc6ef6289032d08d03a7b0a92179622c35bdb
Targets
-
-
Target
afa3880c77bd7aea62c6474c6ebc9ea54efe957c3f8e737de46a73abaae10c4c
-
Size
209KB
-
MD5
dc590962ae5479d9120fbd6c6f35e020
-
SHA1
deb16b492c5fb92cb2407fda236f96a77c352b2b
-
SHA256
afa3880c77bd7aea62c6474c6ebc9ea54efe957c3f8e737de46a73abaae10c4c
-
SHA512
d428e1ce4ba5a1e9be294b550e7788af4e73be266c46627be935511a80e61b35d924193f46f81d0b4c173c677ac7e4920d70fe389dc4e530ee33cd52860c581f
-
SSDEEP
3072:7Q7AnVHOnEE5nO6NNJxejwOCg/uj4pK0bvtw8Dz+I0t+ikZIagkmT6ipKI6WBab:OcunFriHmIK0bCnI++vZYkPipO
-
Detect Amadey credential stealer module
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-