General
Target: 0x000900000001232c-1071.dat
Size: 236KB
Sample: 230326-3wz22sce9t
MD5: 36956dd648b0b29efa66e11e206416c7
SHA1: a423745a0b136153cfdf2c9b9d24eb2ef4fbaa27
SHA256: 8ff3525503afba265a953722f7e4ad44f366bdc3590da36a4351f5d92fed9285
SHA512: 07fb3d256abb679cf3ab6a57f0c1fcefe1d1782d538df1a5328f4938ce3c14735756bad65c5ca678f94d7920522426a8c47228a20a4705e7dff8be4313e494be
SSDEEP: 6144:f36hrz456we4lz7zzZ5my2IuViMqJnyJQ:Pxpz7LmeuVi3nN

Behavioral task: behavioral1
Sample: 0x000900000001232c-1071.exe
Resource: win7-20230220-en

Malware Config

Extracted: amadey
Version: 3.68
C2: 62.204.41.87/joomla/index.php

Extracted: redline
Botnet: @REDLINEVIPCHAT Cloud (TG: @FATHEROFCARDERS)
C2: 151.80.89.234:19388
auth_value: 56af49c3278d982f9a41ef2abb7c4d09

Extracted: redline
C2: 66.42.108.195:40499
auth_value: f93019ca42e7f9440be3a7ee1ebc636d

Extracted: aurora
C2: 212.87.204.93:8081
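The extracted configurations are the most actionable part of this report: three families, four C2 endpoints and two RedLine auth_value tokens. As an added example (not the sandbox's or the report's own code), the following Python turns that block, constructed inline from the values above in the raw one-field-per-line layout the page is exported in, into structured IOC records and a validated set of C2 endpoints. The field-recognition heuristics (a dotted number is a version, host:port or host/path is a C2, a snake_case word followed by a value is an attribute, anything else is the botnet name) are this example's own assumptions about the layout, not a documented format.

```python
"""Turn the 'Malware Config / Extracted' block of a sandbox report into IOC records.

Added example; not code from the sandbox or the report. The recognition rules
below are assumptions about the flattened page layout, not a documented format.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass, field

# Constructed input: the report's extracted-config block, one field per line,
# "-" separators included, using only the values shown on the page.
REPORT_CONFIG = """\
Extracted
amadey
3.68
62.204.41.87/joomla/index.php
Extracted
redline
@REDLINEVIPCHAT Cloud (TG: @FATHEROFCARDERS)
151.80.89.234:19388
-
auth_value
56af49c3278d982f9a41ef2abb7c4d09
Extracted
redline
66.42.108.195:40499
-
auth_value
f93019ca42e7f9440be3a7ee1ebc636d
Extracted
aurora
212.87.204.93:8081
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
HOST_PORT = re.compile(rf"^({IPV4}):(\d{{1,5}})$")     # e.g. 151.80.89.234:19388
HOST_PATH = re.compile(rf"^({IPV4})(/\S*)?$")          # e.g. 62.204.41.87/joomla/index.php
VERSION = re.compile(r"^\d+(?:\.\d+)+$")               # e.g. 3.68
ATTR_KEY = re.compile(r"^[a-z][a-z0-9_]*$")            # snake_case keys such as auth_value


@dataclass
class ExtractedConfig:
    family: str
    version: str | None = None
    botnet: str | None = None
    c2: list[str] = field(default_factory=list)        # "ip:port" or "ip/path" as printed
    attributes: dict[str, str] = field(default_factory=dict)


def looks_like_c2(line: str) -> bool:
    return bool(HOST_PORT.match(line) or HOST_PATH.match(line))


def parse_extracted(text: str) -> list[ExtractedConfig]:
    """Walk the flattened block; every 'Extracted' line starts a new family record."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    configs: list[ExtractedConfig] = []
    cur: ExtractedConfig | None = None
    i = 0
    while i < len(lines):
        line = lines[i]
        if line == "Extracted":
            if i + 1 >= len(lines):
                raise ValueError("'Extracted' without a family name")
            cur = ExtractedConfig(family=lines[i + 1])
            configs.append(cur)
            i += 2
            continue
        if cur is None:
            raise ValueError(f"field before any 'Extracted' block: {line!r}")
        nxt = lines[i + 1] if i + 1 < len(lines) else None
        if looks_like_c2(line):
            cur.c2.append(line)
        elif VERSION.match(line):
            cur.version = line
        elif ATTR_KEY.match(line) and nxt is not None and nxt != "Extracted" and not looks_like_c2(nxt):
            cur.attributes[line] = nxt      # key/value pair such as auth_value
            i += 1
        else:
            cur.botnet = line               # free-text botnet / campaign label
        i += 1
    return configs


def c2_endpoints(configs: list[ExtractedConfig]) -> set[tuple[str, str, int | None]]:
    """Unique (family, ip, port) tuples with the IP validated; port is None when the
    report only gives a URL path (Amadey's HTTP C2 here)."""
    out: set[tuple[str, str, int | None]] = set()
    for cfg in configs:
        for c2 in cfg.c2:
            m = HOST_PORT.match(c2)
            if m:
                host, port = m.group(1), int(m.group(2))
            else:
                host, port = HOST_PATH.match(c2).group(1), None
            ipaddress.ip_address(host)      # raises ValueError on a malformed octet
            out.add((cfg.family, host, port))
    return out


if __name__ == "__main__":
    for family, host, port in sorted(c2_endpoints(parse_extracted(REPORT_CONFIG)), key=str):
        print(f"{family:8} {host}{'' if port is None else ':' + str(port)}")
```

The endpoint set is what goes into a blocklist or a network-hunt query; the auth_value attributes are what you pivot on to link other RedLine samples to the same operator, since that token is constant per build.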

Targets
Target: 0x000900000001232c-1071.dat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
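Three of the behaviours above (the registry country-code lookup, Uninstall-key enumeration and wallet file access) are individually common in benign software; it is their combination in one process that is worth alerting on. The following Python is an added example of that correlation, not the sandbox's signature logic. Its telemetry records are constructed in a generic EDR-like shape (pid, image, operation, target); note that Sysmon does not log registry reads, so in practice these events come from an EDR or from the Microsoft-Windows-Kernel-Registry ETW provider. The registry paths are the standard Windows locations for the user's GeoID and for installed-software entries; the wallet directory names are an assumed short list, not the set this sample actually targets.

```python
"""Correlate the behaviours a stealer shows before exfiltration: registry
country-code lookup (geofencing), installed-software enumeration via the
Uninstall key, and access to cryptocurrency wallet files.

Added example, not the sandbox's signatures. Events are constructed in a generic
EDR-like shape; the wallet directory list is an assumption for illustration.
"""
import re
from collections import defaultdict

SAMPLE = r"C:\Users\victim\AppData\Local\Temp\0x000900000001232c-1071.exe"

# Constructed telemetry: one suspected process plus two benign processes that each
# touch only one artefact (Programs and Features enumerates Uninstall entries;
# locale-aware software reads the region setting).
EVENTS = [
    {"pid": 4120, "image": SAMPLE, "op": "RegQueryValue",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 4120, "image": SAMPLE, "op": "RegEnumKey",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 4120, "image": SAMPLE, "op": "RegEnumKey",
     "target": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 4120, "image": SAMPLE, "op": "FileOpen",
     "target": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 1234, "image": r"C:\Windows\explorer.exe", "op": "RegEnumKey",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 2210, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "op": "RegQueryValue",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
]

# rule name -> (operations that count, pattern on the target object)
RULES = {
    "geo_lookup": ({"RegQueryValue"},
                   re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    "installed_software_enum": ({"RegEnumKey", "RegQueryValue"},
                                re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    # Assumed wallet directory names; extend with the families you care about.
    "wallet_access": ({"FileOpen", "FileRead"},
                      re.compile(r"\\(Exodus|Electrum|Ethereum|Atomic)\\", re.I)),
}

# Executables running out of a user-writable directory get a lower threshold,
# since a dropped payload (the report's "Executes dropped EXE") lives there.
USER_WRITABLE = re.compile(r"^C:\\Users\\[^\\]+\\(AppData|Downloads)\\", re.I)


def match_rules(events):
    """Map pid -> set of rule names that at least one event of that process matched."""
    hits = defaultdict(set)
    for ev in events:
        for name, (ops, pattern) in RULES.items():
            if ev["op"] in ops and pattern.search(ev["target"]):
                hits[ev["pid"]].add(name)
    return hits


def evaluate(events, min_rules=2):
    """Alert on a process that matches at least min_rules distinct rules, or a single
    rule when its image runs from a user-writable directory."""
    images = {ev["pid"]: ev["image"] for ev in events}
    alerts = []
    for pid, names in sorted(match_rules(events).items()):
        threshold = 1 if USER_WRITABLE.search(images[pid]) else min_rules
        if len(names) >= threshold:
            alerts.append({"pid": pid, "image": images[pid], "rules": sorted(names)})
    return alerts


if __name__ == "__main__":
    for alert in evaluate(EVENTS):
        print(alert["pid"], alert["image"], ", ".join(alert["rules"]))
```

Only the dropped executable trips the rule: explorer.exe enumerating Uninstall entries and a browser reading the region setting each match a single rule from a trusted path and stay below the threshold, which is the false-positive class a detection on any one of these artefacts alone would generate.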