General

Target: fe68c6db610d15931ad740d93cb58f7c.bin
Size: 811KB
Sample: 230610-c7yegseb22
MD5: 0593801f7fa3fa45329cd41a748a0bf4
SHA1: cca5d97b383d7479292d05fc9ef94ec00f001f2f
SHA256: 0d0a2a1755ef73438c3e2dcb89c61faeb05b2143d9bf849f051b1a3aa6ec73ef
SHA512: 9dcc4abf8c49db04f0ff0c532ea99e4f217155aeab5af9bd04611ef5b1295f81a3190957ce0ade71df9ea537c3d821b1e4d706c3ecfecefcb732cf9cc9ad2239
SSDEEP: 24576:x4xBcII8+zfAgEufckjVuBz+Qrfa7LDgnmgQLK3Uz+H:xRzf+uf50B74nMpQhY
Static task
static1

Behavioral task
behavioral1
Sample: ceede3f9fd6591b7ddebd806034806085ad914dbea25723a5e08b11de5589879.exe
Resource: win7-20230220-en
Malware Config

Extracted
Family: amadey
Version: 3.83
C2: 77.91.68.30/music/rock/index.php

Extracted
Family: redline
Botnet: muha
C2: 83.97.73.129:19068
auth_value: 3c237e5fecb41481b7af249e79828a46

Extracted
Family: redline
Botnet: crazy
C2: 83.97.73.129:19068
auth_value: 66bc4d9682ea090eef64a299ece12fdd
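The extracted configs above are the most actionable part of the report for a defender: the Amadey C2 is an HTTP URL (host plus path, no scheme) and the two RedLine builds share one raw ip:port C2 and differ only by botnet name and auth_value. The following is an added example, not part of the sandbox report, that parses those entries into network IOCs, emits one Suricata rule per distinct C2, and checks constructed proxy/flow log lines against them. The config values are copied from this page; the assumption that the Amadey C2 is plain HTTP on port 80, the rule text, the SID range and the log format are this example's own choices.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Extracted configs exactly as reported on this page.
EXTRACTED = [
    {"family": "amadey", "version": "3.83", "c2": "77.91.68.30/music/rock/index.php"},
    {"family": "redline", "botnet": "muha", "c2": "83.97.73.129:19068"},
    {"family": "redline", "botnet": "crazy", "c2": "83.97.73.129:19068"},
]


@dataclass(frozen=True)
class NetIoc:
    family: str
    host: str
    port: int
    path: Optional[str]   # URI path for an HTTP C2, None for a raw ip:port C2
    label: str            # botnet name or version, whatever the config carries


def parse_c2(entry: dict) -> NetIoc:
    """Amadey reports its C2 as host/path with no scheme (assumed plain HTTP, port 80);
    RedLine reports host:port for its raw TCP channel."""
    c2 = entry["c2"]
    label = entry.get("botnet") or entry.get("version", "")
    if "/" in c2:
        u = urlsplit("http://" + c2)
        return NetIoc(entry["family"], u.hostname, u.port or 80, u.path, label)
    host, _, port = c2.rpartition(":")
    return NetIoc(entry["family"], host, int(port), None, label)


def merge(iocs: List[NetIoc]) -> Dict[Tuple[str, str, int, Optional[str]], List[str]]:
    """Collapse configs sharing family/host/port/path (the two RedLine builds here)
    into one entry that keeps every label, so one rule covers both botnets."""
    merged: Dict[Tuple[str, str, int, Optional[str]], List[str]] = {}
    for i in iocs:
        merged.setdefault((i.family, i.host, i.port, i.path), []).append(i.label)
    return merged


def suricata_rules(iocs: List[NetIoc], base_sid: int = 9000001) -> List[str]:
    """One Suricata rule per distinct C2. SID range and wording are assumptions."""
    rules = []
    ordered = sorted(merge(iocs).items(), key=lambda kv: (kv[0][0], kv[0][1], kv[0][2], kv[0][3] or ""))
    for sid_off, ((family, host, port, path), labels) in enumerate(ordered):
        msg = f"{family} C2 ({', '.join(labels)})"
        sid = base_sid + sid_off
        if path:   # HTTP C2: match the URI to the specific host, not just the IP
            rules.append(
                f'alert http $HOME_NET any -> {host} any (msg:"{msg}"; '
                f'flow:established,to_server; http.uri; content:"{path}"; '
                f'sid:{sid}; rev:1;)')
        else:      # raw TCP C2: the ip:port pair is all the config gives us
            rules.append(
                f'alert tcp $HOME_NET any -> {host} {port} (msg:"{msg}"; '
                f'flow:to_server; sid:{sid}; rev:1;)')
    return rules


# Constructed proxy/flow lines for the demo (not real traffic):
# "<timestamp> <src> <dst:port> <method> <uri>", with "-" where there is no HTTP.
SAMPLE_LOG = [
    "2023-06-10T10:01:02Z 10.0.0.5 77.91.68.30:80 POST /music/rock/index.php",
    "2023-06-10T10:01:05Z 10.0.0.5 83.97.73.129:19068 - -",
    "2023-06-10T10:02:00Z 10.0.0.7 93.184.216.34:443 GET /",
    "2023-06-10T10:03:11Z 10.0.0.9 77.91.68.30:80 GET /favicon.ico",
]


def match_log(lines: List[str], iocs: List[NetIoc]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, src, family) for every line that reaches a C2.
    An HTTP C2 only counts when the URI path matches as well, so other traffic
    to a host that also serves the panel (last sample line) is not flagged."""
    by_endpoint = {(i.host, i.port): i for i in iocs}
    hits = []
    for line in lines:
        ts, src, dst, _method, uri = line.split()
        host, _, port = dst.rpartition(":")
        ioc = by_endpoint.get((host, int(port)))
        if ioc is None or (ioc.path and uri != ioc.path):
            continue
        hits.append((ts, src, ioc.family))
    return hits


IOCS = [parse_c2(e) for e in EXTRACTED]

if __name__ == "__main__":
    print("\n".join(suricata_rules(IOCS)))
    print(match_log(SAMPLE_LOG, IOCS))
```

Because both RedLine configs point at the same ip:port, a network rule cannot say which botnet a victim belongs to; only the auth_value in the sample's config separates them, so keep that value with the host-based IOCs when recording the incident.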
Targets

Target: ceede3f9fd6591b7ddebd806034806085ad914dbea25723a5e08b11de5589879.exe
Size: 854KB
MD5: fe68c6db610d15931ad740d93cb58f7c
SHA1: f43d3445b8fb31461870265acc7e943da5d7a481
SHA256: ceede3f9fd6591b7ddebd806034806085ad914dbea25723a5e08b11de5589879
SHA512: 47e36f21c6b293421a6e195919f24a58c6ad4965ec5e01264f283d2e054b5bd312b1e23a697377f11d9b251463e36044bf7bac3947e4ca60817853c98455b962
SSDEEP: 24576:vy1elPne8Arqw4hfW2FB9yPPEUKBT5A7OXZYSDOvhyP:61CeJr8fWuW8BT5Aapnt

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext
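Of the behaviours listed above, "Adds Run key to start application" is the one most directly visible in host telemetry, so it is the natural starting point for a detection. The following is an added example, not part of the sandbox report, that runs simple persistence logic over constructed Sysmon Event ID 13 (RegistryEvent, value set) records: it flags Run/RunOnce values that point into user-writable directories, are written by a process running from one, or where a process registers itself. The event records, the user-writable path list and the per-user-software allow-list are assumptions of this example and need tuning per estate.

```python
import re
from typing import Iterable, List, Optional

# Sysmon TargetObject for a Run/RunOnce value ends in ...\CurrentVersion\Run\<value name>.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\([^\\]+)$", re.I)
# Directories an unprivileged user can write to (assumed list; extend for your estate).
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData|Downloads)\\", re.I)
# First executable-looking path inside the value data, quoted or not, with or without arguments.
EXE_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|vbs|js|bat|cmd|ps1))', re.I)
# Per-user software that legitimately registers itself from AppData (assumed allow-list).
ALLOW_LIST = {r"\appdata\local\microsoft\onedrive\onedrive.exe"}


def exe_from_details(details: str) -> Optional[str]:
    m = EXE_RE.search(details)
    return m.group(1) if m else None


def allowed(path: str) -> bool:
    p = path.lower()
    return any(p.endswith(a) for a in ALLOW_LIST)


def detect_run_key_persistence(events: Iterable[dict]) -> List[dict]:
    """Return one finding per suspicious Run/RunOnce value set, with the reasons."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        m = RUN_KEY_RE.search(ev.get("TargetObject", ""))
        if not m:
            continue                       # some other registry value, not autorun
        writer = ev.get("Image", "")
        target = exe_from_details(ev.get("Details", ""))
        reasons = []
        if target and USER_WRITABLE_RE.search(target):
            reasons.append("Run value points into a user-writable directory")
        if USER_WRITABLE_RE.search(writer):
            reasons.append("writer process runs from a user-writable directory")
        if target and target.lower() == writer.lower():
            reasons.append("process registers itself (self-persistence)")
        if not reasons or (target and allowed(target)):
            continue
        findings.append({"value_name": m.group(2), "writer": writer,
                         "target": target, "reasons": reasons})
    return findings


# Constructed Sysmon Event ID 13 records (fields trimmed to what the logic uses).
SAMPLE_EVENTS = [
    {   # dropper in Temp registers a copy of itself from Roaming: should alert
        "EventID": 13,
        "Image": r"C:\Users\bob\AppData\Local\Temp\loader.exe",
        "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\svcupdate",
        "Details": r'"C:\Users\bob\AppData\Roaming\svcupdate\dropped.exe"',
    },
    {   # OneDrive re-registering itself from AppData: same pattern, allow-listed
        "EventID": 13,
        "Image": r"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
        "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
        "Details": r'"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    },
    {   # installer writing a Run value into Program Files: no reason to alert
        "EventID": 13,
        "Image": r"C:\Windows\System32\msiexec.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorApp",
        "Details": r"C:\Program Files\Vendor\App.exe",
    },
    {   # a value set under a service key, not an autorun key: ignored
        "EventID": 13,
        "Image": r"C:\Windows\System32\services.exe",
        "TargetObject": r"HKLM\System\CurrentControlSet\Services\Foo\ImagePath",
        "Details": r"C:\Users\bob\AppData\Local\Temp\x.exe",
    },
]

if __name__ == "__main__":
    for f in detect_run_key_persistence(SAMPLE_EVENTS):
        print(f)
```

The allow-list is the part that needs the most care: plenty of per-user software (browsers, chat clients, OneDrive) legitimately lives under AppData and writes its own Run value, so rule out known installs by full path rather than by value name, which malware can choose freely. The other signatures in the list are harder to get from Sysmon alone: it logs registry value sets but not reads, so enumerating Uninstall keys or reading wallet files leaves no RegistryEvent or FileCreate record, and SetThreadContext has no Sysmon event of its own; those need ETW or EDR telemetry.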