General
-
Target
025fe9e8bd3665254c3b4494885eb84e.exe
-
Size
549KB
-
Sample
230309-wzbejahf28
-
MD5
025fe9e8bd3665254c3b4494885eb84e
-
SHA1
500f6ee879a6d00fc6e393699c4f5415bd4da68a
-
SHA256
e19ff8cad63099065c403f206caa9fd950b732aeb28c3189dea419f5207e035d
-
SHA512
cc14ddb646332892084aa7e7374cb7345fd024f09b72c20efcc767dcbe40414bed74d1c0c8b5b543327836b6da3703f9f714a4d96248d6e9ea60203639e8e706
-
SSDEEP
12288:i0MlE4sdpmt1VCrTabAdgel1LqL+cszd0tppwZCGD:97b2fkeGgelQszd0tppiDD
Behavioral task
behavioral1
Sample
025fe9e8bd3665254c3b4494885eb84e.exe
Resource
win7-20230220-en
Malware Config
Extracted
eternity
http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion
-
payload_urls
http://95.214.27.203:8080/upload/wrapper.exe
http://95.214.27.203:8080/upload/oigmre.exe,http://95.214.27.203:8080/upload/handler.exe
Extracted
redline
new1
85.31.46.182:12767
Targets
-
-
Target
025fe9e8bd3665254c3b4494885eb84e.exe
-
Size
549KB
-
MD5
025fe9e8bd3665254c3b4494885eb84e
-
SHA1
500f6ee879a6d00fc6e393699c4f5415bd4da68a
-
SHA256
e19ff8cad63099065c403f206caa9fd950b732aeb28c3189dea419f5207e035d
-
SHA512
cc14ddb646332892084aa7e7374cb7345fd024f09b72c20efcc767dcbe40414bed74d1c0c8b5b543327836b6da3703f9f714a4d96248d6e9ea60203639e8e706
-
SSDEEP
12288:i0MlE4sdpmt1VCrTabAdgel1LqL+cszd0tppwZCGD:97b2fkeGgelQszd0tppiDD
-
Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-