General
-
Target
r1.zip
-
Size
12.9MB
-
Sample
240510-sl48xafc82
-
MD5
fd5667b6204863a114c75e65a339dc0c
-
SHA1
23c3d7f27ef07752f3613cd1cd4e1cce1ea64637
-
SHA256
dd49e60a45e3962b98b32d0ae9a1256ae1e60ba2b696a005fe221e32f96d996b
-
SHA512
52e2ef1422dfa33905f40163ede23db9783a9d328622bc7e7f175b9ecfd641216d657399e70c666e75aef233dda86e0c8987c04af9093e621282ba82aa08e50d
-
SSDEEP
196608:3NKz+POggIUpfQ6Z8BLj7wjJ8kpKxy3qVRnQVlw0CPAvaHQWioQeB4O03+74T0Ji:dK6POhIGLo7wjjKaOSlw0WQWQ0sjGWNH
Malware Config
Extracted
amadey
3.86
http://5.42.92.67
http://77.91.68.61
-
install_dir
ebb444342c
-
install_file
legola.exe
-
strings_key
5680b049188ecacbfa57b1b29c2f35a7
-
url_paths
/norm/index.php
Extracted
redline
krast
77.91.68.68:19071
-
auth_value
9059ea331e4599de3746df73ccb24514
Extracted
redline
mihan
217.196.96.101:4132
-
auth_value
9a6a8fdae02ed7caa0a49a6ddc6d4520
Extracted
redline
masha
77.91.68.48:19071
-
auth_value
55b9b39a0dae383196a4b8d79e5bb805
Extracted
amadey
3.85
http://77.91.68.3
-
install_dir
3ec1f323b5
-
install_file
danke.exe
-
strings_key
827021be90f1e85ab27949ea7e9347e8
-
url_paths
/home/love/index.php
Extracted
redline
nasa
77.91.68.68:19071
-
auth_value
6da71218d8a9738ea3a9a78b5677589b
Extracted
redline
lande
77.91.124.84:19071
-
auth_value
9fa41701c47df37786234f3373f21208
Extracted
redline
dumud
217.196.96.101:4132
-
auth_value
3e18d4b90418aa3e78d8822e87c62f5c
Extracted
redline
kira
77.91.68.48:19071
-
auth_value
1677a40fd8997eb89377e1681911e9c6
Extracted
redline
lamp
77.91.68.56:19071
-
auth_value
ee1df63bcdbe3de70f52810d94eaff7d
Extracted
redline
581694481
https://pastebin.com/raw/NgsUAPya
Extracted
risepro
194.49.94.152
Extracted
redline
5345987420
https://pastebin.com/raw/NgsUAPya
Extracted
redline
5637482599
https://pastebin.com/raw/NgsUAPya
Targets
-
-
Target
00dc3a43dda255a61bd370ebbf0fc0431112da3c176a205489b4a2113c396878
-
Size
390KB
-
MD5
b98729272c6d4df3a64402281ace8eb9
-
SHA1
e7085276b6444b67bafa946b8dc7d97cb9724481
-
SHA256
00dc3a43dda255a61bd370ebbf0fc0431112da3c176a205489b4a2113c396878
-
SHA512
51119438a29cea3ec18fc0196016d1eb4e61a9c97b198704251cb5ce762cced3257a6fb62d7c7be76f0eb60ae0cb551d31bc946f3bef89f4f3242be910b39229
-
SSDEEP
6144:Kiy+bnr+4p0yN90QEgIDkih24KNWnnVOYvWUo/+K1DEn0q9qkzlM4uM:SMrIy90+IJKNcOb/+K2nzokzlMM
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
061669c83be149e85a977dfd41981b6115bf335e8f5bf4a2c696247dbf3999c0
-
Size
479KB
-
MD5
da9628d206200541f94439093a97094e
-
SHA1
c5638efc45b8695458802fd3ad98e55715762ca2
-
SHA256
061669c83be149e85a977dfd41981b6115bf335e8f5bf4a2c696247dbf3999c0
-
SHA512
65f4e60de936967c989350a7fe4402ef868092013f5af39391cce52c2fae631937b851403c4cf0b087ae7b75109de8bcb454d0f0046a0de3ef1e56537e028c2b
-
SSDEEP
12288:LMrZy90PoaNuTNVYHTIQNJSngK3ITlWiy8KMn:Oy03NuZCzINYxWiN
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
0cc30df7f6ff94fab7858c7361a84798ffe5198fda1df8e7320f4e14124fd535
-
Size
1.6MB
-
MD5
db49775df584d04028c83082753a41e4
-
SHA1
4c5e66c25845497bbc4181dd5e601cf49ae54830
-
SHA256
0cc30df7f6ff94fab7858c7361a84798ffe5198fda1df8e7320f4e14124fd535
-
SHA512
93ddb8d4f97263fc55df13832695ba63692016c840db1bdd629aa0f463e46c97bbf88cdc471423875c87956ffa2b66d6653474970123822e4515f182ff586eaf
-
SSDEEP
49152:9MsyWtfsl+3i5O5xzr6W/RFze49CMU1b:Os7m030k1lz//2
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
1b26ae68f4d9a6a0bfd1a8c92489c6dcdb1a4e6ca483442c2b307329cdfb9345
-
Size
390KB
-
MD5
bb0753dc0f21ba5b88f9efdfd5760f86
-
SHA1
ed86f97a30aa9d415af373a150da9ed444cc93aa
-
SHA256
1b26ae68f4d9a6a0bfd1a8c92489c6dcdb1a4e6ca483442c2b307329cdfb9345
-
SHA512
eb37c103e0d993f7021887a7447f4d158a90f1316d24d82041f4576996ea819ecbe7f03c382407e3a64e1bb0ad9c33c77f18f4fefe76dc8c74298a76a965b7b0
-
SSDEEP
12288:/Mrvy905HLz6SlnopjauhTjgBYCDSViHApFnQA:UycrPlnop2upczGViHAp1z
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
3b9256f691d67ac85ae3172971e615fc85a2927279e384650e0e5d73e6201d90
-
Size
333KB
-
MD5
db031db0c2f83c7dc31f6a33ea4fb0e8
-
SHA1
e036ce1e5f3cbd4bba8f75252d22035f76d28ed8
-
SHA256
3b9256f691d67ac85ae3172971e615fc85a2927279e384650e0e5d73e6201d90
-
SHA512
abeebc4e59a691ca22c9eefb03c732bb66803a1a540cd7c8e35fdfadd7bee3495b168599e04524e0e7f814b058664eb1dc62859d398c78156991f0ac9efde1b3
-
SSDEEP
6144:i1RwZfFQDOioMvzATd5W0jbSXRYyghIqjjjjjjjCTGKR5/yjNNThd9g+0Xp:i/zDOioMvzA+iygiqjjjjjjjCTJkThto
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
3ddd80ba692516ca1977cdf6eb25ad59de7b9e87f447a412e2468a77ad1bbd8c
-
Size
332KB
-
MD5
cc374f6af71bc0a4356047a5632665f7
-
SHA1
0aad0c3600a0b007bef4847c257ccaeef1ef0955
-
SHA256
3ddd80ba692516ca1977cdf6eb25ad59de7b9e87f447a412e2468a77ad1bbd8c
-
SHA512
94b400ae0de8b33f8804e7be2c2c304e26f6b28b523398966160078f97bf996cb3f3ed2539085c2460eca9589134c2d0399c0f8152af9c7b09549600020f9761
-
SSDEEP
6144:S3zwDH1EpC8wM4ydBrEBniBBu0RSyghWvX/ZDsOJ5G+/GVy4+0Xp:SjZpGM4ydBm/ygQZDsOfGjVyV0Xp
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
3ff55c48fddf370349ae0853c3e33d313791cbfb7239e43b70ad977035a132c7
-
Size
479KB
-
MD5
b6d80dc8a9a38d1fd2ec4b293e64f072
-
SHA1
8816ea065ce4a0f76d480738c67542b9de1f60ef
-
SHA256
3ff55c48fddf370349ae0853c3e33d313791cbfb7239e43b70ad977035a132c7
-
SHA512
267e990d20bde3d5d83d17d8338455a1faafe55b027528b0da1bfa07786f0f738e43fa02a42fc9b7cda2ee0022adc3993b24b215ba1d320c7570826e79d3f6ca
-
SSDEEP
12288:fMr6y903YPrN02PEYCGsqSXthvojSK7TBJJRa:pyScNdVkLv+JY
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
50be51fdd59dbf4ac078600bca6c8481f0e5baf0010085e6e0ce8d763e87da4b
-
Size
390KB
-
MD5
b98765fd9fa676950200180126ca55fa
-
SHA1
b90c5fb7694835cf0d411b0573a6e5ccfc87029e
-
SHA256
50be51fdd59dbf4ac078600bca6c8481f0e5baf0010085e6e0ce8d763e87da4b
-
SHA512
72fc0386dc80c3fcd3306be8cac7b85435adc9c61f2834f0c660023e6e8ae16a67d95600ed251d3999cc1e4b33be0f678ede05ae8c805641217f10782bb386f8
-
SSDEEP
6144:KJy+bnr+Fp0yN90QEtKC6Z223SgfSsBjvDfu/xLGC9wxrRf9x3S5V+ekRsR9TNKI:TMrpy90bL+i+7YF1wt59R5eOsTTkypL
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
565e580e2113d8503456c9416021bb7200f7fedadd8020c6d19340c32be7e1f4
-
Size
309KB
-
MD5
cb6e6dd23036d3e9c3fd6fcc4e12690f
-
SHA1
4a5ef41dca4f37163bec679914d69cf895069c51
-
SHA256
565e580e2113d8503456c9416021bb7200f7fedadd8020c6d19340c32be7e1f4
-
SHA512
cd8004da2fe9d31748171b180aab8d2d650f08ab57e8f08d748db120dbd10730a6ad2bba28618501cc1dad2f175084df0f44db0f0a002d9124832c8ae45031aa
-
SSDEEP
6144:P6hm2uPpiUxyd2eVps3AzNsNkZ8+cxdj91FtG0UyfvVR7/I:Sm2uPpit6eNsN08+oz/FUy3VR7I
Score1/10 -
-
-
Target
5f157bb7f5af6f00c288774953e6950cbcecbf52dfbf7a910b167c511b237980
-
Size
480KB
-
MD5
da1a7836295f867660a4ef08cbd034ad
-
SHA1
ba6d8cc6092de77df9c6dbbd70b3344739d2f7b6
-
SHA256
5f157bb7f5af6f00c288774953e6950cbcecbf52dfbf7a910b167c511b237980
-
SHA512
b992f960dbee603138e2d251048ce9448e2762cb7fae486f6fe3fbe9c739af5094a3d6f7dc6da38172c3b6a23ccc9b02a01edaeb73fee305c2dc0cdbb814973b
-
SSDEEP
12288:aMrYy90jit+Ui52alg5MAxa3xV6x3ANJ0+kwPvIKw8F0:iys1n2AHee0O0+/PvIJ8u
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
6c066f3c43054e87d83f1b9983162f080d1fb4f01c5d81ac389dad5406dc5119
-
Size
1.5MB
-
MD5
b6bd0fe9e2f14162d22a601e59a1740b
-
SHA1
5a60ae626817e3638caca0fc80ad9a8200357e52
-
SHA256
6c066f3c43054e87d83f1b9983162f080d1fb4f01c5d81ac389dad5406dc5119
-
SHA512
af2f072c83766dc801720af1f3a94dca12035b46b3a038a4df7afecfb85021020f25b2f4827bcba7d6109176631730e0527772b37946564a40d6dc9ea92ae8d0
-
SSDEEP
24576:GygAJsoOr2n6P8VRrbjJJ+XODPh25hMojCFMQsEtJoFs/dboavD3ZCzY2:VgABQ+6kpcoh2MntHdbJvD3ZCz
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
8355a17b5fec607c779bf1f01bc6596fc82dd876042977ec7aba895db3f1faac
-
Size
309KB
-
MD5
b9b102e068106e1bb5ee1ec690f7e363
-
SHA1
0f162bff994a065fb08f224be4b5dc4eca2b73f9
-
SHA256
8355a17b5fec607c779bf1f01bc6596fc82dd876042977ec7aba895db3f1faac
-
SHA512
88aa7fb366e047aa081f60e457f39233e805459025119bc3e9826449fd7db155bba0db3c560272104342cd52ed8d5b8a79de589b4acbe9e99727df23a54c1870
-
SSDEEP
6144:KDy+bnr+tp0yN90QE75F5OYc1u31g4TByMPCKIRuOJIk/:xMrZy90jxc1u31TTEPKqDb
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
9a3f5d3f84858840f8bdd8879b66a6c1ccb772e507f7f09dfe1c5a88e2d33db2
-
Size
390KB
-
MD5
b93f1a3f111ee22a2f3823ba610df83f
-
SHA1
baec460007c3386a3ae433bd896bfb94a70bdc3e
-
SHA256
9a3f5d3f84858840f8bdd8879b66a6c1ccb772e507f7f09dfe1c5a88e2d33db2
-
SHA512
b1c3a057f81e7bcab8910e9c0d10c9be0e0c1121703036c0f5a92bb8ad2f39689109a88f8b00554cf78899f8903cdd7b56ad9ff65238ae3a27dd61fac738560d
-
SSDEEP
6144:KVy+bnr+Mp0yN90QEtnrqjIgNYmaprhm7Wy1NEgVNxfCcHnlRH9sCPRmPZGn2RM:rMrMy90PrYNYmaprhYMcHnl9i9RG26
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
ae66f2f0715075257fd7cda872646950fd845087e7735d1171fc72267d7c4707
-
Size
390KB
-
MD5
bb002c60488c5ef7e62f582fbc73646f
-
SHA1
0e67525e9d135927871ab92f6db6dd936b7e1b92
-
SHA256
ae66f2f0715075257fd7cda872646950fd845087e7735d1171fc72267d7c4707
-
SHA512
73d5f57444de77b0e4d52d9bb18dc58c3e715a69669412ada51dc7e978a1890db92f8257e014f3b774c2e25b9bb41bb175ed992e807a4c1afea6aa5944bebc74
-
SSDEEP
6144:KNy+bnr+zp0yN90QE79p5+F4wAg0rKWKc5Fu048imlYLPrB:rMr3y90NQ4KCHKPolYLPrB
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
b0fef95ff5abebcb9510c61f55646bd6731822877d3e350e98dcbd957727547c
-
Size
479KB
-
MD5
db47b4c37825cb2fd9c877a3b03020d7
-
SHA1
7fad71f30334c02815023d7006be1949db1cdc23
-
SHA256
b0fef95ff5abebcb9510c61f55646bd6731822877d3e350e98dcbd957727547c
-
SHA512
a8186f91990faa44876f21263fedf43701ee1228c3e04bc5306f1c141b33a47fe255a319fa1d2685ba7942d746914c5267c583f41cba2433a0ae1c7212e8287a
-
SSDEEP
6144:KTy+bnr+2p0yN90QEU/eH4MDtIA/3Dh/GbLz2jJ2HDI7qNV9uaYyDjjBkI4KUrZu:hMrmy90iWYeZxc+ac7qZuIzB5CrgnMK
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
b11b1b57a3bb5f7ea58bd5b191ab3813432fcc41e7f4e321fa61b848d8c86606
-
Size
864KB
-
MD5
ba371037effb3bc1fb01bb593a705272
-
SHA1
a557ecb6ba798abf36b6c691d19e50e03e2285df
-
SHA256
b11b1b57a3bb5f7ea58bd5b191ab3813432fcc41e7f4e321fa61b848d8c86606
-
SHA512
373624c6d599275cd090fe584cb5ce26f3acabd2ed070623470764e5a43d875a6c0220bd36b056299773f3b8ff12cf19ce261ab7edd80661ad8d5c3b535a7556
-
SSDEEP
12288:yMrjy90R4n/HwA+x/tRDFjep/9fX7ZqpYM3b3GOfGsBuku78cKIyVUYFYZT5zd+O:Zy4k/HwVZWZqScasI778FIyTYZNsiF
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
cd9de412cda28c677351594338bc352dbcafb8652328624f624263b71bac3604
-
Size
491KB
-
MD5
dd10174f7fa3d017558c8310bf07d851
-
SHA1
08d795a3d2334906da989e46a7e57d4ba9aa9f41
-
SHA256
cd9de412cda28c677351594338bc352dbcafb8652328624f624263b71bac3604
-
SHA512
a714e8babdc8d8a0a9f8e6ef6430d4f1cde70d3d80a902a1e247eb93bdf76e91fa89c4132708e0c632469b725c625ae65e30a908f02018f10b23460a02ec9d05
-
SSDEEP
6144:byblvlO3FlxJyFVsxRc4jdcE2rnfUT2pMBUdwrKkUfzK4V19X8GnYkCDWFElr:bOlvlGIsThKrnfnMBBSzK4VwGYF6FYr
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
-
-
Target
db8411596845ee0bb667106c06caf801537d732f8726ab81f03248be803038f3
-
Size
481KB
-
MD5
b983bbfa2e93dade84538209720f5e08
-
SHA1
6aa74f2b866844d1b5fe626d72e29ff27ffe095f
-
SHA256
db8411596845ee0bb667106c06caf801537d732f8726ab81f03248be803038f3
-
SHA512
11e6207c8144315a15dfd8c7e486a2fff3d0d77a9c860e775ef8f5c50f4f61b12ab57fc5e61a3d821676857e701ff2c221aa11832987fca344a2ed861d58158a
-
SSDEEP
12288:pMrPy90u/cEIpe3ZHY+YtBEn1C3xvimDfHWu2BI95:uyD/mepfK2WvdLH6m5
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
dce60a71ca88a61a579b58be67a969e9f1f6620feaff4c7102883b680d0162cc
-
Size
3.8MB
-
MD5
dcbb8546ac03e3ee841683345965b5aa
-
SHA1
f1200632683ac24499e819d076d999759b6e8c24
-
SHA256
dce60a71ca88a61a579b58be67a969e9f1f6620feaff4c7102883b680d0162cc
-
SHA512
964cd4c3c1afcc069c59383e6de2f1d3f1f7fb873bb11c1552dd095529bcf6e6dd2b482a3b9f1862408dc6df15a5beb7d9a5f7bd1cd1e8a787e246fc6da76ed3
-
SSDEEP
49152:DtLCPo0lVRu6n4Vb/QNM0LZb5H5lK4tM5pRLoPPunS9NYnmJtE82FwIsUCGPdvmI:xSdlVRtngb/kM0LZbpCpi5GnsCw8dV5
Score1/10 -
-
-
Target
f5bf4176434a177447cba0b0c44a2aa84c6964ac958276a5f3d28429824e6a17
-
Size
274KB
-
MD5
db728cbf359c37fe47ef07fef8648cdf
-
SHA1
6bbde5a35fb494a1b3ba4bdefce2e813e04f6853
-
SHA256
f5bf4176434a177447cba0b0c44a2aa84c6964ac958276a5f3d28429824e6a17
-
SHA512
79daac25200bd5b39c6ee63ff11d00dc684650e5abb1bbef1c459c2167906cb33d821e4fb838c591393f7f2258337e10d8018aa0cb35103e2a64be492c341e9b
-
SSDEEP
6144:/BeaoQWhlmgEkiJUS+1zTi7IhVFzHoCuuiwpH:peaZ0wYZhjI4pH
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1