General
Target: c342639290e42ce0860f250279c8025d
Size: 227KB
Sample: 220608-b8n2rsdhdm
MD5: c342639290e42ce0860f250279c8025d
SHA1: c659a8d89ee09783177ea36cbb77a207a0ad018d
SHA256: b2114af6bb8149e6c3860e64aa47475e5c35726dcd8e28891caab5d04054f6d0
SHA512: 9519f0feaf37e49e514653c819511ef029dff57000157264cd44ee4daee73967e1b6b98cbb7e819033d3486c860e97ff5eb32447568a8ea21a5a08ef8e47f0d2
Static task: static1
Behavioral task: behavioral1
Sample: c342639290e42ce0860f250279c8025d.exe
Resource: win7-20220414-en
Malware Config
Extracted: redline (allsup) 193.150.103.38:5473
auth_value: e46711734d1a10599f62ed229e676578
Extracted: redline (PRIVATOS) 185.215.113.75:81
auth_value: 5ea9b11f430f74fc81d40ef634ac1813
Extracted: redline (Lyla2) 185.215.113.201:21921
auth_value: f3b96059847b054b3939cadefd4424ee
Targets
Target: c342639290e42ce0860f250279c8025d
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2