General
Target: 7746816161.zip
Size: 714KB
Sample: 220725-m779sshde8
MD5: 54355987deaceb73bed99f1122fc582f
SHA1: a292b1323549a8a65ab0ee0cc71bf4db698828ad
SHA256: a5f5bbe8fe2353733e90cd91c04a5c3ac111881daa1f5a9372728821f320845c
SHA512: 893f47d76b4c7db03c4d9bc7092ff50322376dfe9178567efe44115c68531c48af7db10528330a7a271167778a1021a82a641c9c98ac4bbd16bd2046ed76b846
Static task: static1

Behavioral task: behavioral1
Sample: 86100403717b976b362ecf17cefe7f3055b4fca07ca66413c0b9eacd9e3f03b7.exe
Resource: win7-20220715-en

Behavioral task: behavioral2
Sample: 86100403717b976b362ecf17cefe7f3055b4fca07ca66413c0b9eacd9e3f03b7.exe
Resource: win10v2004-20220721-en
Malware Config

Extracted: redline
@ternetyFPL
62.204.41.144:14096
auth_value: 449f565b5fc3449e1b02eaa2fe5a56dd

Extracted: colibri
1.2.0
Build1
http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php
http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php
Targets
Target: 86100403717b976b362ecf17cefe7f3055b4fca07ca66413c0b9eacd9e3f03b7
Size: 2.5MB
MD5: d5646c90a8af09a6e669a8e471005bbd
SHA1: 526b70c4b3762c8983e8bb19b57ada1f75c52b19
SHA256: 86100403717b976b362ecf17cefe7f3055b4fca07ca66413c0b9eacd9e3f03b7
SHA512: 4d948f4923877f29fe64991c90ea3a6c08473bc61cb6573151039e12a52f7a70d4e721c3888985df6d90cdeeb093cc36074d68597448d00e37f9f011af07645e
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext