General
- Target: B33669FDBB7B6F59AB6A2A2CB1F61DA2.exe
- Size: 4.5MB
- Sample: 210702-v69dj8mgge
- MD5: b33669fdbb7b6f59ab6a2a2cb1f61da2
- SHA1: 678629843c893558e809fc2ac3622d0e224324d4
- SHA256: 9b57d08d13cd432a759c074c78969c21197119d3168d2496f507ace00feaa829
- SHA512: a854489ad7c7297c7f9bac36670728ad7c837c1ad354f5f709925ebea5da4806c5ca1b6f76bdec0b6e2cf2dc8cd0c1832fa4dd7c6a48cdeef7678bdec22389c6
Static task: static1
Behavioral task: behavioral1
- Sample: B33669FDBB7B6F59AB6A2A2CB1F61DA2.exe
- Resource: win7v20210410
Malware Config
- Extracted: redline
  DomAni
  ergerr3.top:80
- Extracted: vidar
  39.4
  706
  https://sergeevih43.tumblr.com
  profile_id: 706
Targets
- Target: B33669FDBB7B6F59AB6A2A2CB1F61DA2.exe (4.5MB; same file and hashes as listed under General above)
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Vidar Stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.