General
- Target: 0x0007000000015c4e-1073.dat
- Size: 236KB
- Sample: 230402-ctv27seb63
- MD5: f50aaa18ecc55c4bf6956adbe244eee0
- SHA1: fccbd853683dec464ee034bb2bbfae95bf68ad0b
- SHA256: cffa7fe278434d300d26288023fa5fa9d04e5899e1df7b3c4be2f129eb2040ce
- SHA512: c14e7f7472896ea54adbaf44aa44134c42968f46456a000e072c6bf8039f1183fdc3808620e71d7dfb01227b7a241418ec77549ea6e946af78bd36f7f7b8c183
- SSDEEP: 3072:N2gKdS0PkjvF5fHdjdyhRGc6zMBdSkbcaKhSdctuVi1VWQO3eIb1NcaWVJ5L:A9d78jt5fHbyhRFMMBd/ySMuViNSc39
Behavioral task
- behavioral1
- Sample: 0x0007000000015c4e-1073.exe
- Resource: win7-20230220-en
Malware Config
Extracted: amadey
- 3.69
- 193.233.20.36/joomla/index.php
Extracted: redline
- Redline
- 85.31.54.183:43728
- auth_value: 1666a0a46296c430de7ba5e70bd0c0f3
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2