General
- Target: ca4095e22929adf715288129142d3951115649028a04b2a813f98c412e7ad9ce.bin
- Size: 1.5MB
- Sample: 230501-w1dlaaec61
- MD5: 67f75a10acdf8b5e273cfb455e03b685
- SHA1: 213c42996089d15beac09995e90cf8371ddd8eaa
- SHA256: ca4095e22929adf715288129142d3951115649028a04b2a813f98c412e7ad9ce
- SHA512: b9277d568069913c5f7eb50e95aad213255ad06a2eb26a92c916c5bd7559486f61abdd325842d523b80b5eece4fcab0b0cfe469d6f524d434d6354e7829d86ef
- SSDEEP: 24576:1y5RCeg71V1aK+g8tnMSzAdEbkG6u7cCImQFo/e7e+/9JIDR1q1ZQlEXGhR:Q5RCLRVN+htMScdukG2CImoo/eqXR1+d
Static task: static1
Behavioral task: behavioral1
  Sample: ca4095e22929adf715288129142d3951115649028a04b2a813f98c412e7ad9ce.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: ca4095e22929adf715288129142d3951115649028a04b2a813f98c412e7ad9ce.exe
  Resource: win10v2004-20230221-en
Malware Config
Extracted: amadey
  3.70
  212.113.119.255/joomla/index.php
Extracted: redline
  gena
  185.161.248.73:4164
  - auth_value: d05bf43eef533e262271449829751d07
Extracted: redline
  life
  185.161.248.73:4164
  - auth_value: 8685d11953530b68ad5ec703809d9f91
Targets
- Target: ca4095e22929adf715288129142d3951115649028a04b2a813f98c412e7ad9ce.bin (size and hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.