General
-
Target
0c158c613020ccee1f0a847af22e812b.exe
-
Size
5.7MB
-
Sample
230309-yd4kashh77
-
MD5
0c158c613020ccee1f0a847af22e812b
-
SHA1
1782efa3990505c5eaa67ae97fdd58acdd7fa77d
-
SHA256
479354191ee61a48e8330c242c25cc40fab9d14e8ae11c46bab377a9ca72fe20
-
SHA512
e4e9be53b79e417a7ae97288aa1fb79eeaa5253c70524bc1dd87acd6d3838e4d7ad7e3ecbdbb00835a56d77fcb59080d6727147c88af1dd0c5ea37338c57d6b0
-
SSDEEP
98304:fA0BK0SjRd/sgrZxumE0+j75AVSiFwntBgYGPFW4R7o+mSA1IJlWw20unynRQ:fAKVqd0gtxp+IFsg/hVmSAy6Eq
Behavioral task
behavioral1
Sample
0c158c613020ccee1f0a847af22e812b.exe
Resource
win7-20230220-en
Malware Config
Extracted
eternity
http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion
-
payload_urls
http://95.214.27.203:8080/upload/wrapper.exe
http://95.214.27.203:8080/upload/oigmre.exe,http://95.214.27.203:8080/upload/handler.exe
Extracted
redline
new1
85.31.46.182:12767
Targets
-
-
Target
0c158c613020ccee1f0a847af22e812b.exe
-
Size
5.7MB
-
MD5
0c158c613020ccee1f0a847af22e812b
-
SHA1
1782efa3990505c5eaa67ae97fdd58acdd7fa77d
-
SHA256
479354191ee61a48e8330c242c25cc40fab9d14e8ae11c46bab377a9ca72fe20
-
SHA512
e4e9be53b79e417a7ae97288aa1fb79eeaa5253c70524bc1dd87acd6d3838e4d7ad7e3ecbdbb00835a56d77fcb59080d6727147c88af1dd0c5ea37338c57d6b0
-
SSDEEP
98304:fA0BK0SjRd/sgrZxumE0+j75AVSiFwntBgYGPFW4R7o+mSA1IJlWw20unynRQ:fAKVqd0gtxp+IFsg/hVmSAy6Eq
-
Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-