General
Target: DDCD2BE64212B10C3CF84496A879B098.exe
Size: 28.9MB
Sample: 210719-lhj8p9yxea
MD5: ddcd2be64212b10c3cf84496a879b098
SHA1: 08e50a11be5d12fb97bff058ee94fe59423058c0
SHA256: b013074d220d71877112b61e16927abbbb98ad29aa40609aca1b936332fbe4b7
SHA512: ac424ac69d0fc9561e11eaa8744b86ab7a6912637dc154e53c418b420d6f04ea65d55e04987e28ad1b10c011bd3aa8bd3cd1f86dd429aa2d2e7a4cf5ea6bd0c7
Static task: static1
Behavioral task: behavioral1
Sample: DDCD2BE64212B10C3CF84496A879B098.exe
Resource: win7v20210410
Malware Config
Extracted
Protocol: ftp
Host: 79.174.12.59
Port: 21
Username: gFUhfuFUTfTFu6tr&6yfgvHd
Password: GHhgJHg%Uk@ghgvbcg5jhv67ujhv
Extracted
Protocol: ftp
Host: 79.174.12.59
Port: 21
Username: xvcbfsc4er2efdfxbse
Password: AdaDsfefwefvwe4werf
Extracted
redline
002
62.109.1.213:26078
Extracted
darkcomet
Guest1
83.136.232.97:1660
DC_MUTEX-F54S21D
gencode: QwM3dECHz21k
install: false
offline_keylogger: true
persistence: false
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Registers COM server for autorun
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext