General
-
Target
0x0006000000014b22-63.dat
-
Size
107KB
-
Sample
220720-xrp4dsfgh6
-
MD5
2ebc22860c7d9d308c018f0ffb5116ff
-
SHA1
78791a83f7161e58f9b7df45f9be618e9daea4cd
-
SHA256
8e2c9fd68fc850fa610d1edfd46fc4a66adbef24e42a1841290b0e0c08597e89
-
SHA512
d4842627f6fab09f9472ed0b09b5e012524bf6b821d90a753275f68de65b7ba084a9e15daca58a183f89b166cc9d2d2f2d6a81e1110e66c5822b548279c8c05e
Behavioral task
behavioral1
Sample
0x0006000000014b22-63.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
0x0006000000014b22-63.exe
Resource
win10v2004-20220715-en
Malware Config
Extracted
redline
@tag12312341
62.204.41.144:14096
-
auth_value
71466795417275fac01979e57016e277
Targets
-
-
Target
0x0006000000014b22-63.dat
-
Size
107KB
-
MD5
2ebc22860c7d9d308c018f0ffb5116ff
-
SHA1
78791a83f7161e58f9b7df45f9be618e9daea4cd
-
SHA256
8e2c9fd68fc850fa610d1edfd46fc4a66adbef24e42a1841290b0e0c08597e89
-
SHA512
d4842627f6fab09f9472ed0b09b5e012524bf6b821d90a753275f68de65b7ba084a9e15daca58a183f89b166cc9d2d2f2d6a81e1110e66c5822b548279c8c05e
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-