General
- Target: 7644466223.zip
- Size: 5.0MB
- Sample: 220628-vbc3sacfc2
- MD5: 65488a8564ed14cfe35c2915e659f4a9
- SHA1: a29f5b1d2ff1647204165fc0e4cd7b87f96181f1
- SHA256: c318a99c2ae429bedb66978a044cf511e390e3f4b5dc35bf283f5719956b001f
- SHA512: e9e98e59493fc7a59320787b0aac7f81902207679b7b4ecf719b919b7937cb9f187bb6faa887b0c84b45c2d412ed138b5e4bc08c5086895cf07073c4753376cd

Static task
- static1

Behavioral task
- behavioral1
  - Sample: f2394824fcf883e783347ca22f5c610c65e6168e428d382e89fff96b70ae7dc2.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: f2394824fcf883e783347ca22f5c610c65e6168e428d382e89fff96b70ae7dc2.exe
  - Resource: win10v2004-20220414-en

Malware Config
- Extracted: redline
  - Notepad_2
  - 194.36.177.124:39456
  - auth_value: 37464cc4dd294b9925a8c1092e1c72a9

Targets
- Target: f2394824fcf883e783347ca22f5c610c65e6168e428d382e89fff96b70ae7dc2
- Size: 440.0MB
- MD5: 215f71b938daacad9625b251c880264a
- SHA1: 22689156e4318332f2560f1a4909febc19226582
- SHA256: f2394824fcf883e783347ca22f5c610c65e6168e428d382e89fff96b70ae7dc2
- SHA512: 8818b88cbe303a377a0a0fcb0497eeab863ecf9097fa37553b3d52e87b3133562af58196fe49c3089e983e5f11c330ca740dc2fef12206715e5c35f47aa6ccc1
- Detect PureCrypter loader
- PureCrypter
  PureCrypter is a loader that is intended for downloading and executing additional payloads.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext