General

Target: 13b80a5b971d1c6fe4a37234dff4d1d5.exe
Size: 274KB
Sample: 220725-bms4laghfk
MD5: 13b80a5b971d1c6fe4a37234dff4d1d5
SHA1: 99c3dff0b01aa403bacc058b552ac597702ab366
SHA256: d47f6b63f0442a8a7aa10503401180fd337fbdd5ec7388f1505cce1d39a36638
SHA512: 8a0508411681cdaee2e134b669ebcb73e71fbd49ef2baba456cce1d58376bf8fd173c174850db30983e424f9960b9d893ea478e0ea88766fc4a6ab48cc599625
Behavioral task: behavioral1
Sample: 13b80a5b971d1c6fe4a37234dff4d1d5.exe
Resource: win7-20220715-en
Malware Config

Extracted: redline
Botnet: cheat
C2: 172.93.144.171:50831

Extracted: njrat
Version: 0.7d
Campaign ID: HacKed
C2: 172.93.231.202:5552
Mutex: dd7d6bc98a38de1b5ca51955ad0f1fec
reg_key: dd7d6bc98a38de1b5ca51955ad0f1fec
splitter: |'|'|
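The njRAT splitter above is the field delimiter the client uses inside every C2 message, and the "ll" registration command is what the Suricata rule listed further down keys on. The following is an added example, not code from the sandbox report or from the malware: it frames and tokenizes njRAT-style traffic using the extracted splitter and flags the registration beacon. The length-prefix framing (`<decimal length>\x00<payload>`), the base64 victim-id field of the form `<campaign>_<hwid>`, and the remaining field order are assumptions about njRAT 0.7d and should be checked against a real capture of this sample; the beacon bytes are constructed here.

```python
"""Parse njRAT-style C2 frames with the splitter extracted from this sample's config.

Added example (not from the report). Assumptions, labelled where used:
  - each message is framed as '<decimal length>\x00<payload>'
  - fields inside the payload are separated by the configured splitter
  - the 'll' registration command carries base64('<campaign>_<hwid>') first
"""
import base64
from dataclasses import dataclass
from typing import List

SPLITTER = b"|'|'|"            # from the extracted njRAT config
CAMPAIGN = "HacKed"            # campaign ID from the extracted njRAT config
C2 = ("172.93.231.202", 5552)  # from the extracted njRAT config


@dataclass
class NjratMessage:
    command: str          # first token, e.g. 'll' (register) or 'P' (ping)
    fields: List[bytes]   # remaining tokens, still raw
    raw_len: int          # length announced in the frame prefix


def build_frame(*fields: bytes, splitter: bytes = SPLITTER) -> bytes:
    """Assemble one frame the way the client is assumed to: len, NUL, payload."""
    payload = splitter.join(fields)
    return str(len(payload)).encode() + b"\x00" + payload


def parse_frames(stream: bytes, splitter: bytes = SPLITTER) -> List[NjratMessage]:
    """Split a reassembled TCP stream into frames and tokenize each on the splitter.

    Raises ValueError on a non-decimal length prefix or a truncated frame so a
    caller working on a partial capture notices instead of silently misparsing.
    """
    msgs: List[NjratMessage] = []
    pos = 0
    while pos < len(stream):
        nul = stream.find(b"\x00", pos)
        if nul == -1:
            raise ValueError("missing NUL after length prefix")
        length = int(stream[pos:nul])          # ValueError if not decimal
        start, end = nul + 1, nul + 1 + length
        if end > len(stream):
            raise ValueError("truncated frame")
        parts = stream[start:end].split(splitter)
        msgs.append(NjratMessage(parts[0].decode("latin-1"), parts[1:], length))
        pos = end
    return msgs


def is_registration(msg: NjratMessage, campaign: str = CAMPAIGN) -> bool:
    """True for an 'll' beacon whose victim id (assumed base64) starts with '<campaign>_'."""
    if msg.command != "ll" or not msg.fields:
        return False
    try:
        victim_id = base64.b64decode(msg.fields[0], validate=True).decode("latin-1")
    except ValueError:           # binascii.Error is a ValueError subclass
        return False
    return victim_id.startswith(campaign + "_")


# Constructed stream: one registration beacon followed by a keep-alive ping.
# Field layout after the base64 victim id is assumed, not taken from a capture.
SAMPLE_STREAM = (
    build_frame(
        b"ll",
        base64.b64encode(b"HacKed_A1B2C3D4E5F6"),
        b"DESKTOP-01", b"user", b"22-07-25", b"",
        b"Win 7 Professional SP1", b"No", b"0.7d", b"..", b"notepad.exe",
    )
    + build_frame(b"P")
)


def summarize(stream: bytes) -> dict:
    """Command counts plus the number of registration beacons seen in the stream."""
    msgs = parse_frames(stream)
    counts: dict = {}
    for m in msgs:
        counts[m.command] = counts.get(m.command, 0) + 1
    return {"commands": counts,
            "registrations": sum(is_registration(m) for m in msgs),
            "c2": "%s:%d" % C2}


if __name__ == "__main__":
    for m in parse_frames(SAMPLE_STREAM):
        print(m.command, m.raw_len, [f.decode("latin-1") for f in m.fields])
    print(summarize(SAMPLE_STREAM))
```

Feed `parse_frames` the reassembled client-to-server byte stream (for example a `tcp.stream` follow exported from Wireshark) and compare the `ll` fields against the hostnames and usernames you expect to see; a beacon whose victim id carries a campaign ID other than `HacKed` points at a different operator using the same builder.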
Targets

Target: 13b80a5b971d1c6fe4a37234dff4d1d5.exe (274KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
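Two of the signatures above, the Run key and the firewall change, are the ones most worth hunting for on endpoints, and the extracted njRAT reg_key gives a high-confidence value name to match. The following is an added example, not part of the report: it runs a small hunt over constructed endpoint events in a simplified Sysmon-like shape (EventID 13 for a registry value set, EventID 1 for process creation). The exact reg_key match is grounded in the config; the generic "Run value pointing into Temp" and `netsh firewall add` heuristics are assumptions about how this family usually persists, not facts from the sandbox run.

```python
"""Hunt for the Run-key persistence and firewall change reported for this sample.

Added example (not from the report). SAMPLE_EVENTS are constructed, simplified
Sysmon-like records; the netsh and Temp-path heuristics are assumptions.
"""
import re
from typing import Dict, List, Tuple

NJRAT_REG_KEY = "dd7d6bc98a38de1b5ca51955ad0f1fec"   # reg_key from the extracted config

# HKCU/HKLM ...\CurrentVersion\Run or RunOnce, any hive prefix
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Assumed: classic 'netsh firewall add ...' or newer 'netsh advfirewall firewall add/set ...'
NETSH_FW_RE = re.compile(r"\bnetsh\s+(advfirewall\s+)?firewall\s+(add|set)\b", re.I)
TEMP_PATH_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)

Finding = Tuple[str, str, int]   # (severity, reason, index of the event)

# Constructed events, not from the sandbox run. Event 0 and 1 model the sample's
# behaviour; event 2 is a benign vendor updater that must not be flagged.
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 13,
     "Image": r"C:\Users\user\AppData\Local\Temp\server.exe",
     "TargetObject": r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft\Windows"
                     r"\CurrentVersion\Run\dd7d6bc98a38de1b5ca51955ad0f1fec",
     "Details": r"C:\Users\user\AppData\Local\Temp\server.exe"},
    {"EventID": 1,
     "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh firewall add allowedprogram '
                    '"C:\\Users\\user\\AppData\\Local\\Temp\\server.exe" "server.exe" ENABLE'},
    {"EventID": 13,
     "Image": r"C:\Program Files\Vendor\Updater.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\Updater.exe"},
    {"EventID": 1,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd /c dir"},
]


def hunt(events: List[Dict]) -> List[Finding]:
    """Return findings for Run-key writes and netsh firewall changes.

    Exact match on the configured njRAT reg_key is rated high; the generic
    heuristics (Run value into Temp, netsh firewall add/set) are rated medium
    because legitimate installers occasionally do the same.
    """
    findings: List[Finding] = []
    for i, ev in enumerate(events):
        if ev.get("EventID") == 13:
            target = ev.get("TargetObject", "")
            if not RUN_KEY_RE.search(target):
                continue
            value_name = target.rsplit("\\", 1)[-1]
            if value_name.lower() == NJRAT_REG_KEY:
                findings.append(("high", "njRAT reg_key written under Run", i))
            elif TEMP_PATH_RE.search(ev.get("Details", "")):
                findings.append(("medium", "Run value points into user Temp", i))
        elif ev.get("EventID") == 1:
            if NETSH_FW_RE.search(ev.get("CommandLine", "")):
                findings.append(("medium", "firewall rule added via netsh", i))
    return findings


if __name__ == "__main__":
    for sev, reason, idx in hunt(SAMPLE_EVENTS):
        print(f"{sev:6} event[{idx}] {reason}: {SAMPLE_EVENTS[idx]['Image']}")
```

In production the same logic is a two-rule Sigma or EDR query: registry_set on `*\CurrentVersion\Run\*` with the value name equal to the reg_key above, and process_creation where the image is `netsh.exe` and the command line contains `firewall add` or `advfirewall firewall`.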