General
-
Target
608a6d08b4a99e405b845e5cf70f4fe1.bin
-
Size
928KB
-
Sample
230505-w31tladc35
-
MD5
e7f07da47d4346ba08653f1f5148b15c
-
SHA1
e9c2e0b44594c2ada0526f627feb08bc0ae3ebce
-
SHA256
76053847e7861cb559a1f0f1cef802382eadd73cdb2009838959912c7ed7d2be
-
SHA512
ad9fc0a26af6db0c5790d3be3f8232793e0f06b413e55e15d9fb6edd0665eeda3d5fd81e32d792a33753255141e4fc751218264c9f4aa2ba94446e90df01a77d
-
SSDEEP
24576:sa1BiiMIu339pB734a0gr13M5409Icee3SIdpVL:hniJI63nB7VrZM5F9IcFXd/
Static task
static1
Behavioral task
behavioral1
Sample
MV GOLDEN SCHULTE PARTS.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
MV GOLDEN SCHULTE PARTS.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
argona.ro - Port:
26 - Username:
[email protected] - Password:
Argona12!@ - Email To:
[email protected]
Targets
-
-
Target
MV GOLDEN SCHULTE PARTS.exe
-
Size
542KB
-
MD5
764acf7bd23649efdb25086f62d69ce5
-
SHA1
b4560eef798766d6737b33708ffc720c773e5a7d
-
SHA256
23032bc9472a424d68f6423a31bf3e9cf0fa5ded87ab630d1a8234091758f4de
-
SHA512
292b149ef1d2f0e8821d551b83c871e73b990ef2f2334b4489329b175a49f67c6bce6536f228072c408fa65d1771ccff35fc6c576235816d1b7f880c6059ada3
-
SSDEEP
6144:t445seHtUlG/GdH7Vya9DPyI9Ww7B8rNYd3P8l4JpBB4EDNX67iMUHtDq40zaHeE:kAsOEVyaNv9W/I3P8lupBB7W8440rJd
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Snake Keylogger payload
-
StormKitty payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-