General
Target: c7c03c2d6a78eb79409a53304bfaf8a69334d2f6a5928db641092bcc39dc8e8d
Size: 26KB
Sample: 221211-ecqr9sbb7z
MD5: 7c2a15bf34cf3bdea133966c8904fdfc
SHA1: ecd293af1ef5116a6ffcb19dda0db4c63c13e8ab
SHA256: bcb480ff6da33dbd3702dbb800fb86154f7143d7fd82a7c75da577152878a219
SHA512: 8a0a9a443f51609512786ed0ff9b97dce12e2e95fd25c77d77af022e6d4c30130f42b4a09bb1ef8b20598108d08859dbfacb780da5f2096f5ee06bd85ea81731
SSDEEP: 768:wrus7x3pLaXUTN88Dwq1/R7tigXQdNJzIrUGB:wrdx3p+W68b/Bt/XiY9
Behavioral task: behavioral1
Sample: c7c03c2d6a78eb79409a53304bfaf8a69334d2f6a5928db641092bcc39dc8e8d.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: c7c03c2d6a78eb79409a53304bfaf8a69334d2f6a5928db641092bcc39dc8e8d.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
GOLD
45.138.16.105:30305
auth_value: 4f782696884d580a958a158781386d86

Extracted: amadey
3.50
1h3art.me/i4kvjd3xc/index.php
Targets
Target: c7c03c2d6a78eb79409a53304bfaf8a69334d2f6a5928db641092bcc39dc8e8d
Size: 29KB
MD5: 1496b98fe0530da47982105a87a69bce
SHA1: 00719a1b168c8baa3827a161326b157713f9a07a
SHA256: c7c03c2d6a78eb79409a53304bfaf8a69334d2f6a5928db641092bcc39dc8e8d
SHA512: 286c28a228dda2d589e7e5a75027c27fcc69244b8fec2ae1019d66a8fe6aa00ef245682a1e2dd3f37722c9c4220f2ddc52ab8750369842da028970c59513dcc6
SSDEEP: 768:en3FjOzFQjRuGjXi2nZFwn3SGTfMve9L0hPOZ:eaQ3Xi2ni3SKfMkLw
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.