General

Target: setup.exe
Size: 891KB
Sample: 230424-adrczagf87
MD5: 24d35af384859b9132200d58aa54827f
SHA1: c743a24bcefb6261a1f2479365cf811292b59b89
SHA256: 13bc1e0dd1b6e99fbf82ec88b71015c972082bff07313d0eb674530cdb6bd392
SHA512: b36fa7a44f3b60ed5dcda620e744df6fe15eedc9469aaf6fa52269d290969f1f3d80483f81f66cd61924889ac50bdbfde4fff388459a886c4d8c890c8112bf34
SSDEEP: 12288:Ay90D/5O+dvtUVZF+S9LOL9EdiCD1k2zEifoc52DAxKk8cITxD80JZZw19r8fAwb:Ayi5O6CVZvOa/gifIDAEltb1YaSK
Static task: static1
Behavioral task: behavioral1 (sample: setup.exe, resource: win7-20230220-en)
Malware Config

Extracted: amadey
Version: 3.70
C2: 212.113.119.255/joomla/index.php

Extracted: redline
Botnet: Heaven
C2: 103.161.170.185:33621
auth_value: 0dbeabaddb415a98dbde3a27af173ac5
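The two C2 indicators above, Amadey's HTTP panel path and RedLine's raw TCP endpoint, are the part of this report most directly usable for a hunt. The Python below is an added example and not part of the sandbox report: it scans constructed proxy and firewall log lines (the log formats are assumed for the example) and labels hits. A full host+path match is reported as the Amadey panel, while a bare host match is reported separately as a weaker hit because the same IP can serve unrelated paths; RedLine is matched on host and port because its C2 is plain TCP rather than HTTP. Only the indicator values are copied from the report; the log lines and helper names are constructed.

```python
"""Hunt for the Amadey and RedLine C2 indicators from the sandbox report in
constructed proxy and firewall log lines (added example, not report output)."""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Indicators copied from the report's "Malware Config" section.
AMADEY_C2_URL = "212.113.119.255/joomla/index.php"   # host/path, no scheme
REDLINE_C2 = "103.161.170.185:33621"                 # host:port, raw TCP


def split_c2_url(c2: str) -> Tuple[str, str]:
    """Return (host, path) for a scheme-less C2 URL as the report lists it."""
    parts = urlsplit("http://" + c2)
    return parts.hostname, parts.path or "/"


AMADEY_HOST, AMADEY_PATH = split_c2_url(AMADEY_C2_URL)
REDLINE_HOST, _port = REDLINE_C2.split(":")
REDLINE_PORT = int(_port)

# Log formats are assumptions for this example (constructed, not from the report):
#   <ts> <src> <METHOD> <url> <status>          proxy line
#   <ts> <src> -> <dst>:<port> TCP <action>     firewall line
HTTP_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)
TCP_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>[\d.]+):(?P<port>\d+)\s+TCP\s+(?P<action>\w+)$"
)


def classify_http(url: str) -> Optional[str]:
    """Label a proxied URL: host+path is the Amadey panel check-in,
    host alone is a weaker hit (the IP may serve other content)."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    if parts.hostname != AMADEY_HOST:
        return None
    return "amadey-c2" if parts.path == AMADEY_PATH else "amadey-host"


def classify_tcp(dst: str, port: int) -> Optional[str]:
    """Label a raw TCP flow: RedLine needs host AND port; any flow to the
    Amadey host is reported as a host-only hit."""
    if dst == REDLINE_HOST and port == REDLINE_PORT:
        return "redline-c2"
    if dst == AMADEY_HOST:
        return "amadey-host"
    return None


def scan_logs(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, src, label, indicator) for each hit, in log order.
    Lines that match neither format are ignored rather than raising."""
    hits = []
    for line in lines:
        http = HTTP_RE.match(line)
        tcp = TCP_RE.match(line)
        if http:
            label = classify_http(http["url"])
            if label:
                hits.append((http["ts"], http["src"], label, http["url"]))
        elif tcp:
            label = classify_tcp(tcp["dst"], int(tcp["port"]))
            if label:
                hits.append((tcp["ts"], tcp["src"], label, f'{tcp["dst"]}:{tcp["port"]}'))
    return hits


# Constructed sample lines: one Amadey check-in, one RedLine session, two decoys
# (same path on another host; same RedLine host on a different port).
SAMPLE_LOGS = [
    "2023-04-24T10:01:02Z 10.0.0.5 POST http://212.113.119.255/joomla/index.php 200",
    "2023-04-24T10:01:03Z 10.0.0.6 GET http://example.com/joomla/index.php 200",
    "2023-04-24T10:01:05Z 10.0.0.5 -> 103.161.170.185:33621 TCP ALLOW",
    "2023-04-24T10:01:06Z 10.0.0.7 -> 103.161.170.185:443 TCP ALLOW",
]

if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(*hit)
```

C2 hosts for both families change between builds, so treat these values as indicators for this sample rather than durable family signatures; the `/index.php` panel path on its own is far too generic to alert on without the host.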
Targets
Target: setup.exe (891KB; hashes identical to the General section above)
Signatures:
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Downloads MZ/PE file
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2
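Three of the signatures above are registry behaviours: a Run key written for persistence, Uninstall key entries read to enumerate installed software, and the configured country code read as a likely geofence. Each on its own is noisy (installers read the Uninstall hive all the time), so the useful detection is the combination per process. The Python below is an added example and not sandbox output: it parses constructed registry event lines (the event format is assumed), maps each event to one of the three behaviours, and flags processes that show two or more. The registry paths in the rules are assumptions, since the report names the behaviours but not the keys it matched on.

```python
"""Score processes for the registry behaviours the report lists (Run-key
persistence, Uninstall-key enumeration, country-code lookup) from constructed
registry event lines. Added example, not sandbox output."""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set

# Event format is an assumption for this example: key="value" pairs per line.
EVENT_RE = re.compile(r'(\w+)="([^"]*)"')

# Registry paths are assumptions: the report names behaviours, not the keys.
# Each rule is (operations that count, key pattern), matched case-insensitively
# so HKLM\SOFTWARE and WOW6432Node variants are covered.
RULES = {
    "run_key_persistence": (
        {"SetValue"},
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I),
    ),
    "installed_software_enum": (
        {"QueryValue", "EnumKey"},
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I),
    ),
    "country_code_lookup": (
        {"QueryValue"},
        re.compile(r"\\Control Panel\\International\\Geo\\", re.I),
    ),
}


def parse_event(line: str) -> Dict[str, str]:
    """Turn one constructed event line into a dict of its fields."""
    return dict(EVENT_RE.findall(line))


def classify_event(event: Dict[str, str]) -> Optional[str]:
    """Map one registry event to a behaviour name, or None if it matches none."""
    for name, (ops, key_re) in RULES.items():
        if event.get("op") in ops and key_re.search(event.get("key", "")):
            return name
    return None


def score_processes(lines: List[str]) -> Dict[str, Set[str]]:
    """Collect the distinct behaviours seen per process (image:pid)."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        name = classify_event(ev)
        if name and "image" in ev and "pid" in ev:
            seen[f'{ev["image"]}:{ev["pid"]}'].add(name)
    return dict(seen)


def suspicious(seen: Dict[str, Set[str]], threshold: int = 2) -> List[str]:
    """Processes showing at least `threshold` distinct behaviours. One
    Uninstall read is normal for an installer; the combination is the signal."""
    return sorted(p for p, b in seen.items() if len(b) >= threshold)


# Constructed events: the sample does all three; msiexec does an innocent
# Uninstall-key read plus an unrelated SetValue and must not be flagged.
SAMPLE_EVENTS = [
    'pid="4120" image="C:\\Users\\user\\AppData\\Local\\Temp\\setup.exe" '
    'op="QueryValue" key="HKCU\\Control Panel\\International\\Geo\\Nation"',
    'pid="4120" image="C:\\Users\\user\\AppData\\Local\\Temp\\setup.exe" '
    'op="EnumKey" key="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome"',
    'pid="4120" image="C:\\Users\\user\\AppData\\Local\\Temp\\setup.exe" '
    'op="SetValue" key="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"',
    'pid="2200" image="C:\\Windows\\System32\\msiexec.exe" '
    'op="EnumKey" key="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++"',
    'pid="2200" image="C:\\Windows\\System32\\msiexec.exe" '
    'op="SetValue" key="HKLM\\SOFTWARE\\Classes\\Installer\\Products\\ABC"',
]

if __name__ == "__main__":
    scores = score_processes(SAMPLE_EVENTS)
    for proc in suspicious(scores):
        print(proc, sorted(scores[proc]))
```

The threshold of two is a starting point, not a tuned value: on a real endpoint feed the Run-key write is the behaviour worth weighting highest, and the geofence lookup is the one most likely to be absent if the sample decides to exit early.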