General
Target: add7123abd35961cd5eb235d05a586b8
Size: 309KB
Sample: 220707-f8ekjsdgck
MD5: add7123abd35961cd5eb235d05a586b8
SHA1: 9079578feff42a25dc882f4f0a36cbf8ee9afbb3
SHA256: 3bbb436796b9034e971ec49fcbda99794cd5fd3f8ef19f20d5a5b914e8b367bf
SHA512: 3a3832a2759bd547c6c08def54a834a862e6df4b6a8c205d22256f88d3f332617fcd1cd4f4b0b5c99079dc02936ec751d98e04199cbb6129ed23ba47b7518aad
Static task: static1
Behavioral task: behavioral1
Sample: PO for GQ 202232.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: redline
Botnet: cheat
C2: okoh1234.duckdns.org:43784
Targets
Target: PO for GQ 202232.exe
Size: 606KB
MD5: 47d5e0b7294447c54f28125c64e869f0
SHA1: 55f7c7787de1c9ed2e066476051504e37c6f81d9
SHA256: 782a81449df29555388f8f5bbbaeff70a595d2ffa59bcd0f4b7126e7dfb0ebfa
SHA512: aee2da98fff7ecdb8efd4c1e0b6078eaebb535bc9aae439ac914859bab3c95c676529446dae790f103515d6c26219a36ec82fc5b78af6cf5e8e0b8879a7cc843
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext