General
- Target: 2073406f740a15b0bcdc15b30d558dd7155fff533508247b4304b32d04c7ea85
- Size: 246KB
- Sample: 230117-17d8lsha86
- MD5: 54d77d83a9d14719645848a53a9295a6
- SHA1: 4e04bb8cd980f568df05b92a894b50cb1f5258b4
- SHA256: 2073406f740a15b0bcdc15b30d558dd7155fff533508247b4304b32d04c7ea85
- SHA512: 9ea89676aa993b0def9be6870bea7452ea38e0781e561b8484488a91705e9f1fbaee048ed7a7826f782e6f418708151cf9ac96184fc18771764fe97d2918ce9c
- SSDEEP: 6144:eNN2mv+MgDd73GA1NXZn6zlvKoWFu7u1yikKQXvR:qrgZDGABWl5W6u1y9
Behavioral task: behavioral1
- Sample: 2073406f740a15b0bcdc15b30d558dd7155fff533508247b4304b32d04c7ea85.exe
- Resource: win7-20221111-en
Malware Config
Extracted: amadey
- 3.65
- 193.42.33.28/8bmdh3Slb2/index.php
Extracted: redline
- 37.220.87.13:48790
- auth_value: e2664b77009718757d7b3fb32274f6f6
Extracted: aurora
- 37.220.87.13:8081
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext