General
-
Target
Moon Hack.exe
-
Size
1.3MB
-
Sample
230722-jlkptshh98
-
MD5
b86d575cfbadc3aa88339316d0ede439
-
SHA1
7aa793a0998635397aab3df0f9b3e767c31364f8
-
SHA256
3b50875fcaf6c7b025b28174263cf78534749de54982fc52b296010ce838a7a2
-
SHA512
1b4a4ec20d0954f0f2d4d98de8b051e6ee7da315648d5e45ab2f24690dc3d97ec7543d8afb53c3df3833490e23023724caf66eec909b55e84747d89268c96927
-
SSDEEP
24576:0UW4INa580xo0GWFG4jQ1llLNhDaQV8VY8Rt3Z9ws:0Uz9O0xrGWFpQ1jLNhDaQWVY8Rt3Z9h
Static task
static1
Behavioral task
behavioral1
Sample
Moon Hack.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Moon Hack.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
redline
@dsfawderwe4128776rafsafsa
94.142.138.4:80
-
auth_value
0b59c02d0b9ebe415e380c8824e6b419
Extracted
laplas
http://185.209.161.189
-
api_key
f0cd0c3938331a84425c6e784f577ccd87bb667cfdb44cc24f97f402ac5e15b7
Targets
-
-
Target
Moon Hack.exe
-
Size
1.3MB
-
MD5
b86d575cfbadc3aa88339316d0ede439
-
SHA1
7aa793a0998635397aab3df0f9b3e767c31364f8
-
SHA256
3b50875fcaf6c7b025b28174263cf78534749de54982fc52b296010ce838a7a2
-
SHA512
1b4a4ec20d0954f0f2d4d98de8b051e6ee7da315648d5e45ab2f24690dc3d97ec7543d8afb53c3df3833490e23023724caf66eec909b55e84747d89268c96927
-
SSDEEP
24576:0UW4INa580xo0GWFG4jQ1llLNhDaQV8VY8Rt3Z9ws:0Uz9O0xrGWFpQ1jLNhDaQWVY8Rt3Z9h
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-