General
-
Target
Aura.exe
-
Size
493KB
-
Sample
240629-lg563sxglj
-
MD5
7e7b8be8a1f1ef05c932ea1e8eab6590
-
SHA1
f790227a5148d6cba037c24643306f330c6fe5f4
-
SHA256
c7383b039d569cc256026d6b7985bb763f36530708bca3e4f82fa130d2d7dfbb
-
SHA512
c57fc80bf97309ca887c88526fc586b080d47c4f2ebe611d40f94f48c0af2b7c56cec19f0379a5bc27bd6a0e2f75bdb7953c05bcc1069633812bbd22649ef890
-
SSDEEP
12288:qGlz1vS9p1+kOwILHmKfZcBg688m/Iezfihoto8:qyNSgJqBg6NmAeehn
Static task
static1
Behavioral task
behavioral1
Sample
Aura.exe
Resource
win11-20240611-en
Malware Config
Extracted
redline
@hitok4111
94.228.166.68:80
Targets
-
-
Target
Aura.exe
-
Size
493KB
-
MD5
7e7b8be8a1f1ef05c932ea1e8eab6590
-
SHA1
f790227a5148d6cba037c24643306f330c6fe5f4
-
SHA256
c7383b039d569cc256026d6b7985bb763f36530708bca3e4f82fa130d2d7dfbb
-
SHA512
c57fc80bf97309ca887c88526fc586b080d47c4f2ebe611d40f94f48c0af2b7c56cec19f0379a5bc27bd6a0e2f75bdb7953c05bcc1069633812bbd22649ef890
-
SSDEEP
12288:qGlz1vS9p1+kOwILHmKfZcBg688m/Iezfihoto8:qyNSgJqBg6NmAeehn
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Suspicious use of SetThreadContext
-