General
- Target: 0x00090000000122e3-1071.dat
- Size: 237KB
- Sample: 230404-c4kn8aec5x
- MD5: 5b775aae7625b5e915489d767d685bdc
- SHA1: 8892b1c7446f28627ad78e478dd2b8984c64dc5c
- SHA256: 4d139fe02f5902561f7029dd007c3db0be0590db69bfdd9b1935e916782bc917
- SHA512: 82824923f483fcc3e5976c31890bab6ce98212a4614a35fef2b7d89d50cc74223d72b0ba6a7938a85f50be0b02af0c90caf2535a902b0c59834ee85e0dde2d1b
- SSDEEP: 3072:N2gKdS0PkjvF5fHdjdyhRGc6zMBdSkbcaKhSdctuVi1VWQO3eIb1NcaWVJ5L:A9d78jt5fHbyhRFMMBd/ySMuViNSc39
Behavioral task: behavioral1
- Sample: 0x00090000000122e3-1071.exe
- Resource: win7-20230220-en
Malware Config
- Extracted: amadey
  3.69
  193.233.20.36/joomla/index.php
- Extracted: aurora
  141.98.6.253:8081
- Extracted: redline
  Anh123
  199.115.193.116:11300
  auth_value: db990971ec3911c24ea05eeccc2e1f60
Targets
- Target: 0x00090000000122e3-1071.dat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext