General
-
Target
0ferta y demanda_CIF--B-62326O21.iso.bin
-
Size
1.2MB
-
Sample
230430-2n3mjaha4w
-
MD5
fe5bead276e836ad875307ba81154b68
-
SHA1
1d9f2a3b6551f291a54e1fff8166fd6edf796340
-
SHA256
9c71b54c43e5cabec212c1a02317da8c51915aec8944ea88a84e7a5490ceb1a3
-
SHA512
66d0bd438f1ee43f437db48186a4759a15acd18ea4ab9275c67e6c04d1a7d3b1cd444d484974f940d94292179ff736af459b6aa9a328b42a1dc35956cc4f48c4
-
SSDEEP
6144:FH6xBmSbrrTTCgb9/z2qBop/Nkt9Tdz/6R36:lAWgbdgp/NktrWR
Static task
static1
Behavioral task
behavioral1
Sample
0FERTA_Y.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
0FERTA_Y.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377
Targets
-
-
Target
0FERTA_Y.EXE
-
Size
202KB
-
MD5
a9419910dc159e785f4f7d060b99703d
-
SHA1
164c8c53881f9e65d19233c6b9eed1d0231e7cfb
-
SHA256
56fe514e3ea3eda0569cf8b79741fe9ed9b391fe06f07b33d847ccdd7fda18ae
-
SHA512
f8dad0c0825aab81f9ad4ca4d138b7e653181b3c4d9ad8162f99568ea55168b82265097afa8be8afc23ad571547647b32bf49f0247fbe14b67269e8144b80358
-
SSDEEP
6144:tH6xBmSbrrTTCgb9/z2qBop/Nkt9Tdz/6R36:tAWgbdgp/NktrWR
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
StormKitty payload
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-