General
Target: 527cbc830358a4199bc9b9f5e5fc129a0cf90f375eded0d11d9fe709d4565011
Size: 332KB
Sample: 221205-ymvzhsdh9y
MD5: 10e7e260364165e52c3b41b9be2bc1fd
SHA1: 3dc77c61482349314befba75a0f52a1e5fb41e80
SHA256: 527cbc830358a4199bc9b9f5e5fc129a0cf90f375eded0d11d9fe709d4565011
SHA512: a55412a10449a7f61aa9449e4ae0de05535e9e8ee86a9ffdbf953c403dd560580b115e9167633fa26abc595e19e77745eaf2a7a58c8518d880b0a7dab9000c74
SSDEEP: 6144:NWM+bU0FOLdE4Npf6f3mYER6umjRRfZziTOIDc5wfncXVS:NWM+o0FO52f2YEA3LBizDcifcXVS
Static task: static1
Behavioral task: behavioral1
Sample: 527cbc830358a4199bc9b9f5e5fc129a0cf90f375eded0d11d9fe709d4565011.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
Family: amadey
Version: 3.50
C2: 62.204.41.6/p9cWxH/index.php
Extracted
Family: redline
Botnet: Wish
C2: 31.41.244.14:4694
auth_value: 836b5b05c28f01127949ef1e84b93e92
Targets
- Detect Amadey credential stealer module
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles