General
-
Target
tmp
-
Size
235KB
-
Sample
230119-e64afscb31
-
MD5
77e0a0a90e0231493bd421f4cdab0668
-
SHA1
b09f8951b42a2993b637df9e41f6a25be106c2cb
-
SHA256
75520c76a4051b2be15db8625f35d4c1c63d93686bf849e6fc67f4e62d2fd000
-
SHA512
d6a1c3ebe00c5d236dccab9fe867c8a87dea2a71cf54900cfe47cacf0c1d7a8e2dfbe91b466cad318144976fce340ba6f5e5da9a5c0cae71c1666ba09e6510e4
-
SSDEEP
6144:FSfSsOzqs7nAV3QN2tW0J3SluVy3VYygXqgkX:hbN6J4uVy3V3ga
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
amadey
3.66
62.204.41.27/9djZdj09/index.php
Extracted
redline
1
librchichelpai.shop:81
rniwondunuifac.shop:81
-
auth_value
b6c86adb7106e9ee7247628f59e06830
Extracted
redline
Dzokey1111111
82.115.223.9:15486
-
auth_value
a46fd18e8e0de86d363c12c2307db5e9
Targets
-
-
Target
tmp
-
Size
235KB
-
MD5
77e0a0a90e0231493bd421f4cdab0668
-
SHA1
b09f8951b42a2993b637df9e41f6a25be106c2cb
-
SHA256
75520c76a4051b2be15db8625f35d4c1c63d93686bf849e6fc67f4e62d2fd000
-
SHA512
d6a1c3ebe00c5d236dccab9fe867c8a87dea2a71cf54900cfe47cacf0c1d7a8e2dfbe91b466cad318144976fce340ba6f5e5da9a5c0cae71c1666ba09e6510e4
-
SSDEEP
6144:FSfSsOzqs7nAV3QN2tW0J3SluVy3VYygXqgkX:hbN6J4uVy3V3ga
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-