General
Target: 0x0009000000012317-1077.dat
Size: 235KB
Sample: 230317-ngp6zaga22
MD5: 45a52c031a49cfc0ce7d83cf85c9810a
SHA1: d41bb20dcab894e4558eddce1fd1e7d45ba1f92d
SHA256: bd71e03e2c0b5b324f02a1cfc38428f6764a58a9217d52d8cd15efe755db39be
SHA512: 7fa294fab489b38a08bcd186c5d49e7fcd437647a0a1c3b498d86be8dfc1320e84ada52b24de07c88bca4c253a0dfbb7a31d5fc48b82720f8695bac99c536c2f
SSDEEP: 6144:P5gzTsHKSwe4FTbiC5YGL2zuVicJBgrJm:x6xTbKGmuViWg
Behavioral task: behavioral1
Sample: 0x0009000000012317-1077.exe
Resource: win7-20230220-en
Malware Config
Extracted: amadey
3.68
62.204.41.59/wordpress/console2/index.php
Extracted: aurora
45.15.156.172:8081
Extracted: redline
mango
193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Extracted: redline
ruka
193.233.20.28:4125
auth_value: 5d1d0e51ebe1e3f16cca573ff651c43c
Targets
Target: 0x0009000000012317-1077.dat
Size: 235KB
MD5: 45a52c031a49cfc0ce7d83cf85c9810a
SHA1: d41bb20dcab894e4558eddce1fd1e7d45ba1f92d
SHA256: bd71e03e2c0b5b324f02a1cfc38428f6764a58a9217d52d8cd15efe755db39be
SHA512: 7fa294fab489b38a08bcd186c5d49e7fcd437647a0a1c3b498d86be8dfc1320e84ada52b24de07c88bca4c253a0dfbb7a31d5fc48b82720f8695bac99c536c2f
SSDEEP: 6144:P5gzTsHKSwe4FTbiC5YGL2zuVicJBgrJm:x6xTbKGmuViWg
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext