General

- Target: FilesSetup.exe
- Size: 350.8MB
- Sample: 220307-t8dvxafee2
- MD5: 9c6ef6eedc7016c5fba6ba8920255042
- SHA1: a0961165ea07828f3bf86a227d85abb8d4b11818
- SHA256: 18d2e2fb3c22f506e85bf2c858bb511b032bb373f5e3b5e34cfb0749e3032e3a
- SHA512: c2234d3d2256036c702cfba0da2327b67ee08580e67e0fe2f76ca181493adfa2a1de0f0d351dfdca90a01f142ad312aae391ef04aa353ced5e497b49979dfacd
Static task: static1

Behavioral task: behavioral1
- Sample: FilesSetup.exe
- Resource: win7-20220223-en

Behavioral task: behavioral2
- Sample: FilesSetup.exe
- Resource: win10v2004-en-20220112
Malware Config

Extracted: redline
- dsf
- 185.215.113.72:61983
- auth_value: b821593a97a1337ef8c5a6c45313524a
Targets

- Target: FilesSetup.exe
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger