General
-
Target
bbe53788c93f1feb8c52908d74ae463d58addef354242fb4bfa423560ea82458
-
Size
419KB
-
Sample
240325-fncv8agg43
-
MD5
27499cf0e73817392b9f50cc9e82c2b3
-
SHA1
a0efab9cdb4b2a4a920f4ab76095d24806d7812f
-
SHA256
bbe53788c93f1feb8c52908d74ae463d58addef354242fb4bfa423560ea82458
-
SHA512
94b6768d229da70e558ede3b339b99f3c67657f5ce6b76d123a9df0226c3c6677e9585dd42fa5a74df901e7b0cc3dd0a89a0c9bfc82271706b4af97a00f4f414
-
SSDEEP
6144:dOpt5U2F/o+89gzpGzlpKmu9HiFqVOmZce8dsGlEpD:Q5U2FQ+8+cpKmu9HikghdsG2h
Static task
static1
Behavioral task
behavioral1
Sample
bbe53788c93f1feb8c52908d74ae463d58addef354242fb4bfa423560ea82458.exe
Resource
win7-20240220-en
Malware Config
Extracted
amadey
4.18
-
install_dir
154561dcbf
-
install_file
Dctooux.exe
-
strings_key
2cd47fa043c815e1a033c67832f3c6a5
-
url_paths
/j4Fvskd3/index.php
Extracted
redline
LogsDiller Cloud (Telegram: @logsdillabot)
5.42.65.68:29093
Extracted
amadey
4.18
-
strings_key
2cd47fa043c815e1a033c67832f3c6a5
-
url_paths
/j4Fvskd3/index.php
Targets
-
-
Target
bbe53788c93f1feb8c52908d74ae463d58addef354242fb4bfa423560ea82458
-
Size
419KB
-
MD5
27499cf0e73817392b9f50cc9e82c2b3
-
SHA1
a0efab9cdb4b2a4a920f4ab76095d24806d7812f
-
SHA256
bbe53788c93f1feb8c52908d74ae463d58addef354242fb4bfa423560ea82458
-
SHA512
94b6768d229da70e558ede3b339b99f3c67657f5ce6b76d123a9df0226c3c6677e9585dd42fa5a74df901e7b0cc3dd0a89a0c9bfc82271706b4af97a00f4f414
-
SSDEEP
6144:dOpt5U2F/o+89gzpGzlpKmu9HiFqVOmZce8dsGlEpD:Q5U2FQ+8+cpKmu9HikghdsG2h
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-