General
- Target: f770509e5c3cdad63ef803a2896c43adc292aa8e88c8cb7ecb8701273f46799b
- Size: 4.0MB
- Sample: 220315-r6bawsbbhj
- MD5: 80eb14d3bb3389ddddb8d6cd11959f27
- SHA1: 190c925fcc3dba2c2fbc805fdd1c5fe6cc972b34
- SHA256: f770509e5c3cdad63ef803a2896c43adc292aa8e88c8cb7ecb8701273f46799b
- SHA512: 123eeb2e50f773e69ce2afef2b4b8ba956ca7854ffef1d0f8d5e694b051917220ceaffffd36fa9755d1f013d9679f3c32ab8c22fae2aee5e3be61b85a3c1af50
Static task: static1
Behavioral task: behavioral1
- Sample: f770509e5c3cdad63ef803a2896c43adc292aa8e88c8cb7ecb8701273f46799b.exe
- Resource: win7-20220311-en
Malware Config
Extracted
redline
DomAni
varinnitof.xyz:80
Extracted
redline
da da
86.107.197.196:63065
- auth_value: 9b1654b30797c210c85bd0890936a5b9
Extracted
vidar
50.9
937
https://ieji.de/@sam7al
https://busshi.moe/@sam0al
- profile_id: 937
Extracted
vidar
50.9
1177
https://ieji.de/@sam7al
https://busshi.moe/@sam0al
- profile_id: 1177
Targets
- Target: f770509e5c3cdad63ef803a2896c43adc292aa8e88c8cb7ecb8701273f46799b
- Size: 4.0MB
- MD5: 80eb14d3bb3389ddddb8d6cd11959f27
- SHA1: 190c925fcc3dba2c2fbc805fdd1c5fe6cc972b34
- SHA256: f770509e5c3cdad63ef803a2896c43adc292aa8e88c8cb7ecb8701273f46799b
- SHA512: 123eeb2e50f773e69ce2afef2b4b8ba956ca7854ffef1d0f8d5e694b051917220ceaffffd36fa9755d1f013d9679f3c32ab8c22fae2aee5e3be61b85a3c1af50
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE GCleaner Downloader Activity M5
- suricata: ET MALWARE Win32/Spy.Socelars.S CnC Activity M3
- OnlyLogger Payload
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
-