General
-
Target
209609199e47fecdd76a96dabf1f9cf5
-
Size
372KB
-
Sample
220412-kdd3racdg2
-
MD5
209609199e47fecdd76a96dabf1f9cf5
-
SHA1
4ad578096b72f376bd012d3f3ba6a6cd7f162432
-
SHA256
217265e900ce6d8b7750e25c9d4560715f2e58be5a2aa9210ba4f9974ae760c8
-
SHA512
b8893d5d367afb465420e1c0671510db6b1f4603458a0bd416f5ded0f670f7ccdef37133ddf0049dccd822d6b42b0565a94f7f0530d6093d80cedc4638ae08d9
Malware Config
Extracted
redline
123
188.68.205.12:7053
-
auth_value
cba3087b3c1a6a9c43b3f96591452ea2
Targets
-
-
Target
209609199e47fecdd76a96dabf1f9cf5
-
Size
372KB
-
MD5
209609199e47fecdd76a96dabf1f9cf5
-
SHA1
4ad578096b72f376bd012d3f3ba6a6cd7f162432
-
SHA256
217265e900ce6d8b7750e25c9d4560715f2e58be5a2aa9210ba4f9974ae760c8
-
SHA512
b8893d5d367afb465420e1c0671510db6b1f4603458a0bd416f5ded0f670f7ccdef37133ddf0049dccd822d6b42b0565a94f7f0530d6093d80cedc4638ae08d9
Score10/10-
LoaderBot
LoaderBot is a loader written in .NET downloading and executing miners.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
LoaderBot executable
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-