General
Target: 09637f910840cebb2f1e2524414c8d62.exe
Size: 5.9MB
Sample: 220216-2aadtsdga9
MD5: 09637f910840cebb2f1e2524414c8d62
SHA1: f31516f4e0008dd5dea7f85722488a9db7007e43
SHA256: 58484d3924b8c496a925660742b55da793ec4048765edf87c3116e5fb34ebeae
SHA512: 9498b20333ca822c88358aa773475bd7604b2e1905417d078014ed41b084e2ab28a1ce197bc4e74aa49b3f2659d051cf803fd98ce9115442654c20b96c837a2c
Static task: static1
Behavioral task: behavioral1 (sample 09637f910840cebb2f1e2524414c8d62.exe, resource win7-en-20211208)
Behavioral task: behavioral2 (sample 09637f910840cebb2f1e2524414c8d62.exe, resource win10v2004-en-20220113)
Malware Config
Extracted: redline
Botnet: TEST1
C2: 86.107.197.196:63065
auth_value: 27ffc688a5404c680b9ac629d48e2917
Extracted: redline
Botnet: fsdfsd
C2: 86.107.197.196:63065
auth_value: b81e14f18d963d6a399900f4e9593719
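The two extracted configs share one C2 socket and differ only in botnet ID and auth_value, so the network IOC that covers both is the single host:port pair. The following added example (not part of the sandbox report, and not RedLine's own code) parses the config block in the flattened form the sandbox exports it, deduplicates the C2 sockets, and runs them over a few constructed firewall log lines; the log format and the `RedLineConfig` field names are assumptions for illustration.

```python
"""Turn the RedLine configs extracted in this report into IOCs and match them
against log lines.  Added example; the log lines below are constructed."""
import re
from dataclasses import dataclass

# The two "Extracted redline" blocks, copied from the report in the flattened
# layout the sandbox exports: Extracted / family / botnet / host:port / - / auth_value / hex.
REPORT_CONFIG_TEXT = """\
Extracted
redline
TEST1
86.107.197.196:63065
-
auth_value
27ffc688a5404c680b9ac629d48e2917
Extracted
redline
fsdfsd
86.107.197.196:63065
-
auth_value
b81e14f18d963d6a399900f4e9593719
"""


@dataclass(frozen=True)
class RedLineConfig:  # field names are this example's assumption
    family: str
    botnet: str
    c2_host: str
    c2_port: int
    auth_value: str


HOST_PORT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_configs(text):
    """Parse every 'Extracted' block into a RedLineConfig; '-' separator lines are ignored."""
    lines = [l.strip() for l in text.splitlines() if l.strip() and l.strip() != "-"]
    configs = []
    i = 0
    while i < len(lines):
        if lines[i] != "Extracted":
            i += 1
            continue
        family, botnet, c2 = lines[i + 1], lines[i + 2], lines[i + 3]
        m = HOST_PORT.match(c2)
        if not m:
            raise ValueError(f"unexpected C2 field: {c2!r}")
        if lines[i + 4] != "auth_value":
            raise ValueError("expected auth_value after the C2 field")
        configs.append(RedLineConfig(family, botnet, m.group(1), int(m.group(2)), lines[i + 5]))
        i += 6
    return configs


def c2_socket_iocs(configs):
    """Deduplicate to (host, port) pairs; both botnets in this report collapse to one socket."""
    return sorted({(c.c2_host, c.c2_port) for c in configs})


# Constructed firewall log lines (not from the report).  Line 3 talks to the C2 host
# on an unrelated port; line 4 is a denied attempt, which is still worth surfacing.
SAMPLE_LOGS = [
    "2022-02-16T20:01:03Z fw allow src=10.0.0.15:51322 dst=86.107.197.196:63065 proto=tcp",
    "2022-02-16T20:01:05Z fw allow src=10.0.0.15:51323 dst=93.184.216.34:443 proto=tcp",
    "2022-02-16T20:02:11Z fw allow src=10.0.0.22:49877 dst=86.107.197.196:443 proto=tcp",
    "2022-02-16T20:03:40Z fw deny src=10.0.0.31:50010 dst=86.107.197.196:63065 proto=tcp",
]

DST = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


def scan_logs(lines, configs):
    """Return (line, botnet_ids) for each line whose destination socket is a known C2.
    Matching on host:port keeps line 3 out while still catching the denied line 4."""
    by_socket = {}
    for c in configs:
        by_socket.setdefault((c.c2_host, c.c2_port), []).append(c.botnet)
    hits = []
    for line in lines:
        m = DST.search(line)
        if m and (m.group(1), int(m.group(2))) in by_socket:
            hits.append((line, by_socket[(m.group(1), int(m.group(2)))]))
    return hits


if __name__ == "__main__":
    cfgs = parse_configs(REPORT_CONFIG_TEXT)
    for c in cfgs:
        print(c)
    print("C2 sockets:", c2_socket_iocs(cfgs))
    for line, botnets in scan_logs(SAMPLE_LOGS, cfgs):
        print("HIT", botnets, line)
```

Matching on the full socket is the conservative choice; if the same host later serves RedLine on another port, a host-only rule (drop the port from `by_socket`) catches it at the cost of also flagging unrelated traffic to that IP, such as the constructed third line.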
Targets
Target: 09637f910840cebb2f1e2524414c8d62.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.