General
Target: aue.exe
Size: 2.3MB
Sample: 220421-xplm7afbh5
MD5: 59fe49e18a0d7e34c341039b9e201a1b
SHA1: 4dcff49906fc3edc5f56597ad5603de95406bd42
SHA256: 2c03b271f9f6870ba2d36e812d737d841b3fec61d0f1404271af57cfee4610a8
SHA512: 0f16da2dc9dee0e4779bcfb6cefb06be083ea1cc0c96ae3faa168d3c403f5ebfc8db116159112c25cc491544e355f4c777ff3d9d328794dfc5402e32e1403de5
Static task: static1
Behavioral task: behavioral1
Sample: aue.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: redline
Botnet: install
C2: 193.150.103.38:40169
auth_value: 7b121606198c8456e17d49ab8c2d0e42
Targets
Target: aue.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
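The hashes in the General block and the extracted C2 endpoint in the Malware Config block are the indicators an analyst actually takes away from this report. The script below is an added example, not part of the report or of the sandbox's own tooling: it parses the report's key/value fields (embedded here as a constructed string copied from the page), rejects digests that are not the right length for their algorithm (a truncated copy-paste is a common way to end up blocking nothing), compares a local file's digests against the report, splits the C2 endpoint into host and port, and emits a Suricata rule for the outbound connection. The Suricata sid (1000001) and the stand-in sample bytes are assumptions; the real aue.exe is not embedded.

```python
"""Turn the RedLine sandbox report above into checkable indicators.

Added example, not the sandbox's or the report's own code. Assumptions:
the report fields are a constructed copy of the page, the Suricata sid
is arbitrary, and the bytes hashed in __main__ are a made-up stand-in.
"""
import hashlib
import re
from typing import Dict, Tuple

# Constructed: the key/value pairs shown in the report, copied from the page.
REPORT = """
Target: aue.exe
Size: 2.3MB
Sample: 220421-xplm7afbh5
MD5: 59fe49e18a0d7e34c341039b9e201a1b
SHA1: 4dcff49906fc3edc5f56597ad5603de95406bd42
SHA256: 2c03b271f9f6870ba2d36e812d737d841b3fec61d0f1404271af57cfee4610a8
SHA512: 0f16da2dc9dee0e4779bcfb6cefb06be083ea1cc0c96ae3faa168d3c403f5ebfc8db116159112c25cc491544e355f4c777ff3d9d328794dfc5402e32e1403de5
Family: redline
C2: 193.150.103.38:40169
auth_value: 7b121606198c8456e17d49ab8c2d0e42
"""

# Report key -> hashlib algorithm name, and expected hex length per algorithm.
HASH_ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_report(text: str) -> Dict[str, str]:
    """Parse 'Key: value' lines into a dict; only the first ':' splits."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def report_hashes(fields: Dict[str, str]) -> Dict[str, str]:
    """Return the report's digests keyed by hashlib name, rejecting malformed ones."""
    out = {}
    for key, algo in HASH_ALGOS.items():
        digest = fields[key].lower()
        if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[algo], digest):
            raise ValueError(f"{key} is not a {HEX_LEN[algo]}-hex-char digest: {digest}")
        out[algo] = digest
    return out


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute all four digests of a blob."""
    hashers = {algo: hashlib.new(algo) for algo in HEX_LEN}
    for h in hashers.values():
        h.update(data)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matches_report(data: bytes, fields: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm comparison of a local file's digests against the report."""
    expected = report_hashes(fields)
    actual = hash_bytes(data)
    return {algo: actual[algo] == expected[algo] for algo in expected}


def parse_c2(value: str) -> Tuple[str, int]:
    """Split 'host:port' from the extracted config, validating the port."""
    host, _, port = value.rpartition(":")
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad C2 endpoint: {value!r}")
    return host, int(port)


def suricata_rule(fields: Dict[str, str], sid: int = 1000001) -> str:
    """Outbound-connection rule for the extracted C2 (sid value is an assumption)."""
    host, port = parse_c2(fields["C2"])
    return (
        f"alert tcp $HOME_NET any -> {host} {port} "
        f'(msg:"{fields["Family"]} C2 {host}:{port} (sample {fields["Sample"]})"; '
        f"flow:to_server; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    f = parse_report(REPORT)
    print(suricata_rule(f))
    # Constructed stand-in bytes; the real sample is not embedded, so all False.
    print(matches_report(b"MZ not the real sample", f))
```

Comparing all four digests rather than only MD5 matters here: the report's MD5 is what most feeds key on, but MD5 collisions are cheap, so a sample that matches the SHA256 and SHA512 as well is the one the report actually analysed.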