General
-
Target
b1d2b4bb41650a04764460c050c1d52defd83b7f5aa53c7e848f10870b46c1c9
-
Size
103KB
-
Sample
231011-hpp82sgb51
-
MD5
0aa69a90bb130153f226553d7ff823c6
-
SHA1
38be605582db9520952dcaf453fab50d2ba6d428
-
SHA256
ec02f4f3e91f6c92dc012f7885ca9722628d48613d14c485403d33e8c1b7fe90
-
SHA512
f781898ee70e7b1a9d3ea74cdf494c2552a32d0b2594d9d4ab05724eb6ca3e6ed9d6bb32a1b6d79930f4e5e63e555b5c52142a5049c1575af89eb4c775539f50
-
SSDEEP
3072:4LTzrHEDjomznpCacXyS+ZLRyy4c1m6J/n:4LXmD8hX8ZNyCm6xn
Behavioral task
behavioral1
Sample
b1d2b4bb41650a04764460c050c1d52defd83b7f5aa53c7e848f10870b46c1c9.exe
Resource
win7-20230831-en
Malware Config
Extracted
amadey
3.89
http://77.91.68.52/mac/index.php
-
install_dir
fefffe8cea
-
install_file
explonde.exe
-
strings_key
916aae73606d7a9e02a1d3b47c199688
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
breha
77.91.124.55:19071
Extracted
smokeloader
up3
Extracted
redline
6012068394_99
https://pastebin.com/raw/8baCJyMF
Extracted
redline
pixelscloud
85.209.176.171:80
Targets
-
-
Target
b1d2b4bb41650a04764460c050c1d52defd83b7f5aa53c7e848f10870b46c1c9
-
Size
241KB
-
MD5
01da4e3aedd22bf8346998b8a04bb044
-
SHA1
647b2fb6cfcb4addeb3223d86995c0033fbe1f8b
-
SHA256
b1d2b4bb41650a04764460c050c1d52defd83b7f5aa53c7e848f10870b46c1c9
-
SHA512
ab7eb9fed68f8785d84a4bacd783c9d002aed47c9a4066fe20b6cb014a4a35ac73dc04ff2e9cb5ed5ca4aca4d8a064527f099d302cfc36c4da5ddfec560b8c04
-
SSDEEP
6144:V7Vj3uVUn27+6qQx41QPF2nnugMeS2SpY:xwYfQx9FOnugMeS2
-
Detects Healer an antivirus disabler dropper
-
Glupteba payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-