General
Target: Pre Order July.js
Size: 215KB
Sample: 220628-df6gfsgeg7
MD5: 2e159cf4f5924625a4eaa85394878bf3
SHA1: 9d5f3c428d9681fe05804b24bc38b6131c3bef19
SHA256: 4f21d283e1fec9f76d4855d6dc903a18f356ee0f71334f8dc5780047a9f1ad86
SHA512: 7fad1197e2c0f216e75986ba7044c1f02ebb01c8b2175ace3156a5d88f065b8c49da1ba3c2310200bd1bf9bb51b76a6a1f01cc4de8a73dc87dddd0443b7ba072
Static task: static1
Behavioral task: behavioral1
  Sample: Pre Order July.js
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Pre Order July.js
  Resource: win10v2004-20220414-en
Malware Config
Extracted: redline
  Mr TT
  45.138.16.233:1985
Targets
Target: Pre Order July.js
Size: 215KB
MD5: 2e159cf4f5924625a4eaa85394878bf3
SHA1: 9d5f3c428d9681fe05804b24bc38b6131c3bef19
SHA256: 4f21d283e1fec9f76d4855d6dc903a18f356ee0f71334f8dc5780047a9f1ad86
SHA512: 7fad1197e2c0f216e75986ba7044c1f02ebb01c8b2175ace3156a5d88f065b8c49da1ba3c2310200bd1bf9bb51b76a6a1f01cc4de8a73dc87dddd0443b7ba072
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.