General
Target: MetaMask_Bot.zip
Size: 7.3MB
Sample: 230111-a14ltadh4w
MD5: 9c55fca87556f770240a494f7afbec4a
SHA1: 4743de6c01de64dc84f9c576d1366721ffbd0c26
SHA256: 86d72f1eeefa2a31a2a3e00ffa15e12982c57aef6b758ced28a30dfea50646b1
SHA512: 0f0ff5db6e96985060f1a3386fa4f2543cbadcde541372aeffcb517fa6c4732b7132c570be052fef879e61fb814de991811f27a50159089788956d438ff8c435
SSDEEP: 196608:3VlDTR6uTkkl/fmpKYSA4kboIKRemREWDWS0ZOXTStl:3VlfIuTkklnmpTHHKoMDWhgyl
Static task: static1

Behavioral task: behavioral1
Sample: MetaMaskBot.exe
Resource: win7-20220812-en
Malware Config

Extracted
Protocol: ftp
Host: 188.120.227.9
Port: 21
Username: PK1
Password: PK1

Extracted
Protocol: ftp
Host: 79.174.12.59
Port: 21
Username: hsngfb
Password: hsnrgthearsgdt

Extracted
redline
01
62.109.1.213:25978
auth_value: 83b3b6de7a5c7e6212ec06f17293a6ba
Targets
Target: MetaMaskBot.exe
Size: 38KB
MD5: 9169eb7a644bd28cbba4759b30298176
SHA1: ffe90ae79fd542268818deccc193c8617845acfb
SHA256: d97d88d757d722f0c078b4d22a5fac76bcb44db740c8b3ea9181e8733ac3c1ca
SHA512: cb47f0b6e74bc3c255e05ae1c5722100186be86f78df16bba166d2b1e580fa6d7bb1e22744fcd04d081dcc50a9c3580f8f85e3dca6a060cb11ef0a6e0bcfdfb5
SSDEEP: 768:h7ra/Tl+hs3E/jU0dugZ0T2Xtz+lHQW40Zz0D3jHUpi1GouIbV:c/T2X/jN2vxZz0DTHUpouIbV
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Program crash
- Suspicious use of SetThreadContext