General
Target: 0b857f695ac9881c7e664fd00dffb30381bcd51a2d5a4e8e9877c142aa5774d4.zip
Size: 638KB
Sample: 230308-nfghfafh53
MD5: 50c9dda45cd0d3023bb73b34febbdadd
SHA1: 65d1086d9acdd0bbc8a5d27af2af0a746fc2f43e
SHA256: 2986697316913f6bdca4e6b8d9d887b3329305cba3e9d41b82864bba9cf84874
SHA512: ee027a40bd164a5da7a9083c1e46e803e75c56cb21dce29702de4ca42e77739adaf0b960a3cbdd64048f83d86e20fba2cbdf62eaa4bd5c5d97025c31f88af5e6
SSDEEP: 12288:HMt0VpOAvhtccM8pYz5NcFVbfhgaQy5IBlVA9Oep7saJWDvZhyv8uH33:stSFvhtBMB0p3UB3GO87zOhGHH
Static task: static1
Behavioral task: behavioral1
  Sample: 0b857f695ac9881c7e664fd00dffb30381bcd51a2d5a4e8e9877c142aa5774d4.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 0b857f695ac9881c7e664fd00dffb30381bcd51a2d5a4e8e9877c142aa5774d4.exe
  Resource: win10v2004-20230221-en
Malware Config
Extracted: amadey
  Version: 3.68
  C2: 193.233.20.26/Do3m4Gor/index.php
Extracted: redline
  Botnet: fabio
  C2: 193.233.20.27:4123
  auth_value: 56b82736c3f56b13be8e64c87d2cf9e5
Targets
Target: 0b857f695ac9881c7e664fd00dffb30381bcd51a2d5a4e8e9877c142aa5774d4.exe
Size: 689KB
MD5: 10586811a37e8f473466952597f98301
SHA1: 7e472e3961475061394c7448febd4c77a29de022
SHA256: 0b857f695ac9881c7e664fd00dffb30381bcd51a2d5a4e8e9877c142aa5774d4
SHA512: 4ff79ea83f2c8c0a56c17c30fdda7015b40707bbfd7991a2422a9fd4e4bca81121e6313358ccacae75353fd77e3f40494034c92f922e70f8103e09c1be1f8c2e
SSDEEP: 12288:hMrgy90duzjHoqe0pKF5f/GtiCpEmgidIP/CB/efbMdz4v:5yzjG6WdGtiCpEnidIP/CBAbM54v
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.