General
Target: jgadfgadfgadfgadfg.bin
Size: 86KB
Sample: 220717-wzbejafehk
MD5: ad8364cf205c83121bc0a814e757cafe
SHA1: e9e8f645e34f37f88ea81f9a58a80e215a0b5ce6
SHA256: 37926c19118bb775fdc7e1ed9198ad5c28a9d3ebf7fbb8f3bc9c59915f03c7b6
SHA512: 49fc7c62cf19c6e9026d2654ca587b3f80970a6c19b2729139f30da12c7acd9c0c14334d3e575b206bd9e56e46bb11009259111da688df08a3239c9889995cb8
Static task: static1
Behavioral task: behavioral1
Sample: jgadfgadfgadfgadfg.exe
Resource: win7-20220414-en
Malware Config
Extracted: redline
- cheats
- 5.249.162.225:16731
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- RedLine payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.