Overview
General
- Target: AuroraV2.exe
- Size: 770KB
- Sample: 240319-e3atqshd54
- MD5: 4354532285d1fee0e9e1f757e2fefd03
- SHA1: ed4661c574ac9b67c6c87f0b672af3dd5439f004
- SHA256: a76d0ca31629666d6fde15d21f0d225c1580d875ab7bb6d6a608f38e40190e8b
- SHA512: 66e2896f320db3f96319f5063dd7616e811cc4114b994a4582e990f8941408e5d281d5f51f629012a818081de5acf885a9cb40047040db98a2cacd7de777cc48
- SSDEEP: 24576:6bRO13jhaFVNLwBzlSaOaLp6RB3qrbRYItaXrc:w6CDLyz+MEBqvSIUc
Static task
- static1

Behavioral tasks (sample, resource)
- behavioral1: AuroraV2.exe, win11-20240221-en
- behavioral2: $TEMP/Adapters, win11-20240221-en
- behavioral3: $TEMP/Appeals, win11-20240221-en
- behavioral4: $TEMP/Characterization, win11-20240221-en
- behavioral5: $TEMP/Construction, win11-20240214-en
- behavioral6: $TEMP/Designer, win11-20240221-en
- behavioral7: $TEMP/Elder, win11-20240221-en
- behavioral8: $TEMP/Pets, win11-20240221-en
- behavioral9: $TEMP/Strongly.exe, win11-20240221-en
- behavioral10: $TEMP/Yamaha, win11-20240221-en
Malware Config
Extracted: redline
- @dxrkl0rd
- 45.15.156.142:33597
Targets

Target: AuroraV2.exe
- Size: 770KB
- MD5: 4354532285d1fee0e9e1f757e2fefd03
- SHA1: ed4661c574ac9b67c6c87f0b672af3dd5439f004
- SHA256: a76d0ca31629666d6fde15d21f0d225c1580d875ab7bb6d6a608f38e40190e8b
- SHA512: 66e2896f320db3f96319f5063dd7616e811cc4114b994a4582e990f8941408e5d281d5f51f629012a818081de5acf885a9cb40047040db98a2cacd7de777cc48
- SSDEEP: 24576:6bRO13jhaFVNLwBzlSaOaLp6RB3qrbRYItaXrc:w6CDLyz+MEBqvSIUc
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Target: $TEMP/Adapters
- Size: 179KB
- MD5: b05211f89c3e471627978ceaadbece85
- SHA1: 3cb7685dc8dd9104e597da099412e7f96569c40e
- SHA256: bcdf18a812ac1388024fc636d2556a408460ff73b5e17d8af94f56ab43e20ec7
- SHA512: c3ea3ab452b403f03eb53356f88b7408bc8a5a1e919d2dcb5415ec5f3eaaf64f55f33b2561fecc0d6fc959304c0f3b325b9a208988850c00f749b4ca0ade3750
- SSDEEP: 1536:KIB4848M0IB4848bij1f2D262MSxIB4848n9C7p6g0HXplF9V2iJ7IB4848XtXnT:0k1f2D262l8ch
- Score: 1/10
Target: $TEMP/Appeals
- Size: 197KB
- MD5: 9848974aacb0b13c0c6532a5fed69662
- SHA1: 7bb229cea9fd8008e526a9d1a529f5104eb515c0
- SHA256: e645141706a7f1220384053729b30c3e25164dda4d9d6a1b8714c87209b4f3d5
- SHA512: e07480490f8d42888e0c8577687f204ff6b287ec184a02dfddf055ecf9f013f70e326eddfbdd616c2d960dbff62de9e21d6e642d64f77ea5ff5caaef68fa61c6
- SSDEEP: 6144:AVPlcBgtoTqnvAfcaG9b2M8JTDD/xcq21R1f:OlcqikvAfcN9b2MyZa31f
- Score: 1/10
Target: $TEMP/Characterization
- Size: 12KB
- MD5: 6d42e125318abf40c3e01b55e50545f7
- SHA1: 827980b79228e6ceb741733aad46a9033b261049
- SHA256: 76db08aa2202ac2cb27af4246f6a00957d15b96c2b3cee95443fbd708a39e57b
- SHA512: 875fa1ce29c8c4b08a0838366c34e5f35684e8532600a68b6a8050f517ae499f473b931de7c3f08f1d0ed7924c814e860b8b3c2481bead54ad8daa59a4f069f9
- SSDEEP: 384:SC8WWz2dD3lhZjTTZy1Jqavk+U/vMZ2mc:S/z2dBhZfTZy1JqFOZ2F
- Score: 1/10
Target: $TEMP/Construction
- Size: 35KB
- MD5: 629dcdb5e964a46336b660452b9ee0ac
- SHA1: 1dd73d8d84c6ef575756f5b0e095f86a24da73c6
- SHA256: d02e10a10f3743f4994e43c33c0e7648fcfa076396d525935f62b88ca308845e
- SHA512: 341fbbd2d9400cea6e6f476107fe65c2f739d5d9d5e36e75cd1a212fe1db79ebc60fcdfd85219fe4c11ce09da1a8cf0605fa840bf8d2237459eb121384b8d15d
- SSDEEP: 768:3CVoyO15DuOKHnrxbxZiUCu2iPaLTQ7Q1tCwqVLw7Vn8JMAnJyA:yVgCOa1ZBPaPQaEwo0B48A
- Score: 1/10
Target: $TEMP/Designer
- Size: 279KB
- MD5: e981cf4342c3cb2587880ffeacd43179
- SHA1: ce15fa590a16d7ab918cb1e8074d1f49f6c64541
- SHA256: 12a7fc7dc3e1c2a1d44aa4b881fad1b83984ebdf96fb4f08f097117a535b11bf
- SHA512: 8cfdbc085721653144b544d8158f1c3e535429aef16a51c7be9e3672d359c0d7c9fe5f926e5c9b546cb32f1307f93ec67e0e8732c992e23aaa9dca90a2aa52ac
- SSDEEP: 3072:Sg/bZVUAg0FuPOKBNEBNUGXEyaAt7P+6b/xhgariwYLIYaWy4ZNo:h/wAOPOei7TdFW6fgarnYdhBZ2
- Score: 1/10
Target: $TEMP/Elder
- Size: 155KB
- MD5: f9f6a09d5817d513e984dd5d0cfc1d17
- SHA1: 5f968f4bf9c82b4104d40bd7d0d3229592f6561d
- SHA256: 4cf83f6e610eeb0ac7cbcd9c71e0bbda99cb465c1303a5e9ea6fcf59fc248ea6
- SHA512: d5fc501a123e8c915ad510b7c6e79af185252065e53d6300c2ce7e9b63a74e2330a09296c333e6b56633c5182ca028f93feb4c8ba7211d75b9c80d48964b89f9
- SSDEEP: 3072:KixApVIa0/vidXqGjLPQ6ClAMfA4lelIJBSLPNL:KgA/12vk6AQzyMfA+e9
- Score: 1/10
Target: $TEMP/Pets
- Size: 260KB
- MD5: f6fb13732dc8c23095a35161fc8d2ecb
- SHA1: e433eb58dfa69f3239988f6cec758d6f76ea12b8
- SHA256: 3973fbec123a1063743e3a2bd70c5cf0cdfabf20040673cad5060477cce2bd32
- SHA512: 84898b2794463bfcfc1edde01192370b8fb4613f3c66d93b9943688b7ef09da55d92168267fd40a572407f5c705b119204451dc4fd741af27b9c7166d2623431
- SSDEEP: 3072:1HaElpD2xbqN8DHjnxjpZUk0pCBXMwAMJnXUN/a7zrSrMQS7:JvD2xW+DH/ZRBXMwAGnWuzVp
- Score: 1/10
Target: $TEMP/Strongly
- Size: 206KB
- MD5: 35f17b8bf9805bbe8b3befaf5244779b
- SHA1: 4cc81d66c0b6bb84d029cde9659dadd1152808ac
- SHA256: 2f35af3beabb1f0266efa6feb2903a117a14fb206c4c09fff96787bb313e7dd3
- SHA512: 2edf05aa46b9aef7e2aa77ae0a9385d09e8a18349549fc743bafee0f538227877dd47c17f90e7a558a9958a2f6083ace6b0a13f26006a2320968abe0825d2bfe
- SSDEEP: 3072:6CV26MqgQTc5F446iYNpK5SB7BJBzLZDKJtIs8di/37EM/j2xQ7:6i2VWTyFsJ8gNJBnGtINs7
- Score: 1/10
Target: $TEMP/Yamaha
- Size: 229KB
- MD5: 8f2fbb0145076f576facc399174772f4
- SHA1: 1c4de51cf28843fb4ee97002ec126bd604836bc7
- SHA256: 5bbd83d4f4b38239cb22257c2d327afbf9aab99d97ab7045a71fa1083b61218f
- SHA512: 9eb7257d39914559ae729b5fada1519fb9e2003328ecb9f8b0b2c2075224bf141f122db2237b7b97a751dc76a5bc18d3447870be9d6b593062255592fdf350a5
- SSDEEP: 1536:Vf+i6iU0C9U9Ghxv7IB4848ZvbTeSrtK34FAMZvG0IB4848YDWj2HwHel7Yxski7:ciu934FjbVfxzhlmHfe9CDm
- Score: 1/10