General
Target: a29c2bf29259cca10e60041001b343cb
Size: 266KB
Sample: 220608-zv75gsdce7
MD5: a29c2bf29259cca10e60041001b343cb
SHA1: 9f193df4a262989c24d7c212c2fd0c986829468c
SHA256: 39f1a98ab29664ef492b052c44f6ea76148d75baaf55b7b037cc0575eb8b25d4
SHA512: c3f7a2f0ae60064b66ce872db59454709e73c2dadeb456993434c6ca940dc6584b68adba0f0b683bfdac28d4781dedced6966512d2ef9fc6c21cc02366003b25

Static task: static1
Behavioral task: behavioral1
Sample: a29c2bf29259cca10e60041001b343cb.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: redline
Botnet: PRIVATOS
C2: 185.215.113.75:81
auth_value: 5ea9b11f430f74fc81d40ef634ac1813

Extracted
Family: redline
Botnet: allsup
C2: 193.150.103.38:5473
auth_value: e46711734d1a10599f62ed229e676578

Extracted
Family: redline
Botnet: Lyla2
C2: 185.215.113.201:21921
auth_value: f3b96059847b054b3939cadefd4424ee
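The three extracted configurations above are directly actionable: each C2 host:port pair and each file hash can be turned into a network rule and a log-matching check. The following is an added example, not part of the sandbox report or of RedLine itself. The C2 endpoints, botnet names, auth_value strings and hashes are copied from the report; the flow-log format, the log lines and the Suricata sid range are constructed for this example and are assumptions.

```python
"""Turn the RedLine configs extracted by the sandbox into detection content.

Added example (not the report's own tooling). C2/hash values are from the
report; the flow-log format, sample lines and sid range are constructed.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RedlineConfig:
    botnet: str
    c2_host: str
    c2_port: int
    auth_value: str


# Values copied from the "Malware Config" section of the report.
CONFIGS = [
    RedlineConfig("PRIVATOS", "185.215.113.75", 81, "5ea9b11f430f74fc81d40ef634ac1813"),
    RedlineConfig("allsup", "193.150.103.38", 5473, "e46711734d1a10599f62ed229e676578"),
    RedlineConfig("Lyla2", "185.215.113.201", 21921, "f3b96059847b054b3939cadefd4424ee"),
]

# Hashes of the analysed sample, copied from the "General" section.
SAMPLE_HASHES = {
    "md5": "a29c2bf29259cca10e60041001b343cb",
    "sha1": "9f193df4a262989c24d7c212c2fd0c986829468c",
    "sha256": "39f1a98ab29664ef492b052c44f6ea76148d75baaf55b7b037cc0575eb8b25d4",
}


def suricata_rules(configs, base_sid=9000001):
    """Emit one Suricata rule per C2 endpoint (sid range is an assumption;
    pick one that does not collide with your local rule set)."""
    rules = []
    for i, c in enumerate(configs):
        rules.append(
            f'alert tcp $HOME_NET any -> {c.c2_host} {c.c2_port} '
            f'(msg:"MALWARE RedLine Stealer C2 ({c.botnet})"; '
            f'flow:to_server,established; classtype:trojan-activity; '
            f'sid:{base_sid + i}; rev:1;)'
        )
    return rules


# Constructed flow-log format: "<ts> <src_ip> <src_port> <dst_ip> <dst_port> <proto>"
FLOW_RE = re.compile(r"^(\S+) (\S+) (\d+) (\S+) (\d+) (\S+)$")


def match_flows(log_lines, configs, strict=True):
    """Return (line_no, botnet, 'dst:port') for flows that reach a known C2.

    strict=True matches host AND port, which keeps the check precise when a C2
    address sits on shared hosting (the report notes legitimate hosting abuse).
    strict=False matches the host alone, useful for retro-hunting when the
    operator may have rotated ports.
    """
    by_pair = {(c.c2_host, c.c2_port): c.botnet for c in configs}
    by_host = {c.c2_host: c.botnet for c in configs}
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than crash the scan
        host, port = m.group(4), int(m.group(5))
        botnet = by_pair.get((host, port)) if strict else by_host.get(host)
        if botnet:
            hits.append((n, botnet, f"{host}:{port}"))
    return hits


def match_hash(observed, hashes=SAMPLE_HASHES):
    """Case-insensitive lookup of an observed hash; returns the algorithm name
    it matched ('md5', 'sha1', 'sha256') or None."""
    observed = observed.strip().lower()
    return next((algo for algo, value in hashes.items() if value == observed), None)


# Constructed sample log: two true C2 contacts, one benign flow, one flow to a
# C2 host on a non-C2 port, and one malformed line.
SAMPLE_LOG = [
    "2022-06-08T20:55:01Z 10.0.0.5 51234 185.215.113.75 81 tcp",
    "2022-06-08T20:55:03Z 10.0.0.5 51235 142.250.74.78 443 tcp",
    "2022-06-08T20:55:07Z 10.0.0.9 51300 185.215.113.75 443 tcp",
    "2022-06-08T20:55:09Z 10.0.0.5 51240 193.150.103.38 5473 tcp",
    "garbage line",
]

if __name__ == "__main__":
    print("\n".join(suricata_rules(CONFIGS)))
    for hit in match_flows(SAMPLE_LOG, CONFIGS):
        print("C2 contact:", hit)
    print("hash match:", match_hash("A29C2BF29259CCA10E60041001B343CB"))
```

The strict host+port match is the default because the report flags abuse of legitimate hosting, where a bare IP match would fire on unrelated tenants; the host-only mode is there for retrospective hunting across historical flow data. The auth_value strings are kept in the config records because they identify the operator's campaign in the C2 protocol and are worth preserving as IOCs even though they are not visible at the flow layer.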
Targets
Target: a29c2bf29259cca10e60041001b343cb
Size: 266KB
MD5: a29c2bf29259cca10e60041001b343cb
SHA1: 9f193df4a262989c24d7c212c2fd0c986829468c
SHA256: 39f1a98ab29664ef492b052c44f6ea76148d75baaf55b7b037cc0575eb8b25d4
SHA512: c3f7a2f0ae60064b66ce872db59454709e73c2dadeb456993434c6ca940dc6584b68adba0f0b683bfdac28d4781dedced6966512d2ef9fc6c21cc02366003b25
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely used for geofencing.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Legitimate hosting services abused for malware hosting/C2