General
Target: 0x00080000000122f2-105.dat
Size: 209KB
Sample: 230609-navg4scg5w
MD5: 88ba73a2eb9e03fc5034d36b47b9adc4
SHA1: a06b3a2458eb56bf07e325af82e7f8574c07861d
SHA256: 58c5b10d3a88506e0a4c2e1cfbbda23ded7fb65eb6124e9b61e0bd02a715952a
SHA512: 75489284081a8d87bcf2176cbad8e4d15d1307a41b6793f4d2c51523109b1ba8da5a0c92a8685c6e1b1bdec748279649dfaed6e6f60040a10bfe9a56c522d885
SSDEEP: 3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij
Behavioral task: behavioral1
Sample: 0x00080000000122f2-105.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 0x00080000000122f2-105.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: amadey 3.83
77.91.68.30/music/rock/index.php

Extracted: redline
duha
83.97.73.129:19068
auth_value: aafe99874c3b8854069470882e00246c
Targets
Target: 0x00080000000122f2-105.dat
- RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Checks computer location settings
Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext