General
Target: e0655ce959cf315b005873a9716ec993c0d45805a439793fe2beec0763f15485.zip
Size: 639KB
Sample: 230308-nfheqsfd4t
MD5: e18b76e903dbd479d55a1d24475f85d3
SHA1: e9751a71e6c982356a6c8382ad9ff64c59cdf52a
SHA256: a468476489182f5acbd50ed83ee07b8205e99e5eac082a949da7693b28a840cc
SHA512: 6f28118b40455861023e01edd3b80e7a76a7600925bb7c2da317c169dc82109ff3bafd37e76799fe9fda86247b8320e121e7b7ed7dc9d7c09145f47fcceacf77
SSDEEP: 12288:lAop+Xue6FfsViGbkOujZc5DM9OEhi+RL4NQZ73S+3/kE:lAop++DFfkbkOmc5DMY/+RL4NAx8E
Static task: static1
Behavioral task: behavioral1
  Sample: e0655ce959cf315b005873a9716ec993c0d45805a439793fe2beec0763f15485.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: e0655ce959cf315b005873a9716ec993c0d45805a439793fe2beec0763f15485.exe
  Resource: win10v2004-20230221-en
Malware Config
Extracted: amadey
  Version: 3.68
  C2: 193.233.20.26/Do3m4Gor/index.php
Extracted: redline
  Botnet: fabio
  C2: 193.233.20.27:4123
  auth_value: 56b82736c3f56b13be8e64c87d2cf9e5
Targets
Target: e0655ce959cf315b005873a9716ec993c0d45805a439793fe2beec0763f15485.exe
Size: 690KB
MD5: 40e79ea104c4a99fd2dc6d3c14555506
SHA1: be5ddb56626b78fa4657f17d0dfa00915c1f5297
SHA256: e0655ce959cf315b005873a9716ec993c0d45805a439793fe2beec0763f15485
SHA512: 549bc5c9ef26e5d86e62b26cf17c989913d06b64971b317e347d11551a213a97d57301f57d8521677b86b266a1468ca23467475cc8f1766ddcc6783d0a5d66c0
SSDEEP: 12288:HMrQy90KUaqGgsPPicCpWJec89kRiu93kfPLq/G8s9V28TTsJNRS:Dyf/qGgsPUsI2iuVkriwVJIBS

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.