General

Target: 0f2be4fe0362766dcf339d4c03326bc4
Size: 494KB
Sample: 220802-yx89wsbhgk
MD5: 0f2be4fe0362766dcf339d4c03326bc4
SHA1: 69e26e9e75e8a8359d232d8e14318b9235e1a828
SHA256: 2f96d468f1c62104047e67e8dcd2a8590924e99f85f5c009f348f67bd83e2529
SHA512: 8d3d86dd98c04fea1a212be212b155dec3895fb88806c6bc460820635179ca3e9f60296cf448d3054fcccd38c311097395d108e6481aba5c60a6308d9b785150
Static task: static1
Behavioral task: behavioral1
Sample: 0f2be4fe0362766dcf339d4c03326bc4.exe
Resource: win7-20220715-en (Windows 7 analysis image, English locale)
Malware Config

Two families were extracted from the same run. Together with the "Downloads MZ/PE file" and "Executes dropped EXE" signatures this indicates a multi-stage infection, although the report does not record which payload dropped which.

Extracted: gozi_ifsb
Botnet: 11111
C2 hosts:
  trackingg-protectioon.cdn1.mozilla.net
  194.76.225.168
  194.76.224.242
base_path: /fonts/
build: 250240
exe_type: loader
extension: .bak
server_id: 50

The source lists the botnet ID and the C2 hosts without field names; the labels above are the ISFB config fields those values occupy. The hostname is a subdomain of mozilla.net with doubled letters and "cdn1" where Mozilla's genuine tracking-protection CDN uses tracking-protection.cdn.mozilla.net; whether it is a decoy, a connectivity check or a real C2 cannot be determined from this page, so treat the two IP addresses as the actionable network indicators. base_path and extension describe how the loader forms its C2 request URIs (/fonts/<data>.bak), consistent with ISFB's habit of making C2 traffic look like static file fetches.
Extracted: redline
Botnet: bart
C2: 80.66.87.52:2500
auth_value: 7d4c7c8f7ce4a858768b38d88316bd46

Again the source gives the botnet name and C2 endpoint without field names; auth_value is the token the bot presents to the RedLine panel when it checks in.
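One thing a practitioner wants from an extracted config is a detection that can be run immediately. The block below is an added example, not code from the sandbox or from this report: it turns the network indicators above (the Gozi host list, base_path and extension, and the RedLine C2 endpoint) into a scanner over constructed DNS/HTTP/TCP log lines, and also flags hostnames that are cheap lookalikes of Mozilla's genuine tracking-protection.cdn.mozilla.net (the legitimate name is an assumption from outside the page, as is the log format).

```python
import re
from urllib.parse import urlparse

# Network indicators taken from the extracted configs on this page.
GOZI_HOSTS = {
    "trackingg-protectioon.cdn1.mozilla.net",
    "194.76.225.168",
    "194.76.224.242",
}
GOZI_BASE_PATH = "/fonts/"   # ISFB base_path
GOZI_EXTENSION = ".bak"      # ISFB extension appended to request URIs
REDLINE_C2 = ("80.66.87.52", 2500)

# Legitimate Firefox tracking-protection CDN hostname that the Gozi entry
# resembles. Assumption: not taken from this page, used for the lookalike check.
LEGIT_MOZILLA = "tracking-protection.cdn.mozilla.net"

# Constructed log lines ("timestamp src_ip kind target"); not from the real run.
CONSTRUCTED_LOGS = """\
2022-08-02T10:15:00Z 10.0.0.5 dns trackingg-protectioon.cdn1.mozilla.net
2022-08-02T10:15:01Z 10.0.0.5 http http://194.76.225.168/fonts/Ud8sQ.bak
2022-08-02T10:15:02Z 10.0.0.5 tcp 80.66.87.52:2500
2022-08-02T10:16:00Z 10.0.0.7 dns tracking-protection.cdn.mozilla.net
2022-08-02T10:16:05Z 10.0.0.7 http http://example.org/fonts/open-sans.woff2
"""


def squash(host: str) -> str:
    """Normalise a hostname so cheap lookalikes collapse onto the original.

    Collapses runs of a repeated character and strips digits, so that
    'trackingg-protectioon.cdn1.mozilla.net' and the genuine
    'tracking-protection.cdn.mozilla.net' normalise to the same string.
    """
    host = host.lower().rstrip(".")
    host = re.sub(r"(.)\1+", r"\1", host)
    return re.sub(r"\d+", "", host)


def is_lookalike(host: str, legit: str) -> bool:
    """True when host is not the legitimate name but normalises onto it."""
    host = host.lower().rstrip(".")
    return host != legit and squash(host) == squash(legit)


def classify(line: str):
    """Return (src_ip, reasons) for one 'ts src kind target' log line."""
    _ts, src, kind, target = line.split(maxsplit=3)
    reasons = []
    if kind == "dns":
        if target in GOZI_HOSTS:
            reasons.append("gozi_ifsb c2 host")
        if is_lookalike(target, LEGIT_MOZILLA):
            reasons.append(f"lookalike of {LEGIT_MOZILLA}")
    elif kind == "http":
        url = urlparse(target)
        if (url.hostname or "") in GOZI_HOSTS:
            reasons.append("gozi_ifsb c2 host")
        # URI shape alone is weak (many sites serve /fonts/...); treat it as
        # corroboration of a host match rather than a stand-alone alert.
        if url.path.startswith(GOZI_BASE_PATH) and url.path.endswith(GOZI_EXTENSION):
            reasons.append(f"gozi_ifsb uri pattern {GOZI_BASE_PATH}*{GOZI_EXTENSION}")
    elif kind == "tcp":
        host, _, port = target.rpartition(":")
        if port.isdigit() and (host, int(port)) == REDLINE_C2:
            reasons.append(f"redline c2 {host}:{port}")
    return src, reasons


def scan(text: str):
    """Run classify over every non-empty line; keep only lines with reasons."""
    hits = []
    for line in text.splitlines():
        if line.strip():
            src, reasons = classify(line)
            if reasons:
                hits.append((src, reasons))
    return hits


if __name__ == "__main__":
    for src, reasons in scan(CONSTRUCTED_LOGS):
        print(src, "->", "; ".join(reasons))
```

Note that the genuine Mozilla lookup from 10.0.0.7 produces no hit, and the /fonts/ request to example.org is not flagged because it lacks the .bak extension; in practice the URI pattern should only raise severity when the host already matched.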
Targets

Target: 0f2be4fe0362766dcf339d4c03326bc4 (494KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
RedLine

RedLine Stealer is a .NET information stealer written in C#, first seen in early 2020. It harvests browser credentials, cookies and autofill data, cryptocurrency wallet files and a system inventory, and sends the results to its C2 (here 80.66.87.52:2500).

Signatures triggered in the behavioral run:

- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry (typically HKCU\Control Panel\International\Geo\Nation), likely a geofence that aborts on excluded locales.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the WOW6432Node and HKCU equivalents) to list installed software.
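The registry, file and self-deletion signatures above are each a predicate over the API calls the sandbox recorded. The block below is an added example, not the sandbox's own rules or any code from this report: a small signature engine in Python, run over constructed API-trace lines written in a sandbox-report style. The registry paths, the wallet directory names and the shape of the self-delete command are assumptions of this example, not facts recorded on the page.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class ApiCall:
    pid: int
    image: str            # process image that made the call
    api: str              # Win32/Nt API name
    args: Dict[str, str]  # key=value arguments, quotes stripped


# Constructed API-trace lines in a sandbox-report style. Not from this page's
# run: the paths, keys and command line are assumptions made for the example.
CONSTRUCTED_TRACE = r"""
1234 C:\Users\Admin\AppData\Local\Temp\0f2be4fe0362766dcf339d4c03326bc4.exe RegQueryValueExW key="HKCU\Control Panel\International\Geo" name=Nation
1234 C:\Users\Admin\AppData\Local\Temp\0f2be4fe0362766dcf339d4c03326bc4.exe RegEnumKeyExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall index=0
1234 C:\Users\Admin\AppData\Local\Temp\0f2be4fe0362766dcf339d4c03326bc4.exe NtCreateFile path=C:\Users\Admin\AppData\Roaming\Exodus\exodus.wallet\seed.seco access=GENERIC_READ
1234 C:\Users\Admin\AppData\Local\Temp\0f2be4fe0362766dcf339d4c03326bc4.exe CreateProcessW cmdline="cmd.exe /c timeout 3 & del C:\Users\Admin\AppData\Local\Temp\0f2be4fe0362766dcf339d4c03326bc4.exe"
5678 C:\Windows\explorer.exe RegQueryValueExW key=HKCU\Software\Classes name=Default
"""

# key=value pairs; a value is either "quoted, may contain spaces" or a bare token.
ARG_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_trace(text: str) -> List[ApiCall]:
    """Parse 'pid image api key=value ...' lines into ApiCall records."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, image, api, rest = (line.split(maxsplit=3) + [""])[:4]
        args = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                for m in ARG_RE.finditer(rest)}
        calls.append(ApiCall(int(pid), image, api, args))
    return calls


def _arg(call: ApiCall, key: str) -> str:
    return call.args.get(key, "")


# Assumption: a handful of well-known desktop wallet directory/file names.
WALLET_RE = re.compile(r"\\(Exodus|Electrum|Ethereum|Bitcoin|Atomic)\\|wallet\.dat$", re.I)


@dataclass
class Signature:
    name: str
    description: str
    match: Callable[[ApiCall], bool]


SIGNATURES = [
    Signature(
        "Checks computer location settings",
        "Looks up country code configured in the registry, likely geofence.",
        # Assumption: the locale is read from HKCU\Control Panel\International\Geo.
        lambda c: c.api.startswith("RegQueryValueEx")
        and r"\control panel\international\geo" in _arg(c, "key").lower(),
    ),
    Signature(
        "Checks installed software on the system",
        "Looks up Uninstall key entries in the registry to enumerate software.",
        lambda c: c.api.startswith(("RegEnumKeyEx", "RegOpenKeyEx"))
        and _arg(c, "key").lower().endswith(r"\currentversion\uninstall"),
    ),
    Signature(
        "Accesses cryptocurrency files/wallets, possible credential harvesting",
        "Opens files belonging to desktop wallet applications.",
        lambda c: c.api in ("NtCreateFile", "CreateFileW")
        and WALLET_RE.search(_arg(c, "path")) is not None,
    ),
    Signature(
        "Deletes itself",
        "Spawns a command that deletes the calling process's own executable.",
        lambda c: c.api.startswith("CreateProcess")
        and "del " in _arg(c, "cmdline").lower()
        and c.image.lower() in _arg(c, "cmdline").lower(),
    ),
]


def evaluate(trace: str) -> Dict[str, List[int]]:
    """Map each triggered signature name to the pids that triggered it."""
    hits: Dict[str, List[int]] = {}
    for call in parse_trace(trace):
        for sig in SIGNATURES:
            if sig.match(call):
                hits.setdefault(sig.name, []).append(call.pid)
    return hits


if __name__ == "__main__":
    for name, pids in evaluate(CONSTRUCTED_TRACE).items():
        print(f"{name}: pids {sorted(set(pids))}")
```

The explorer.exe line is there to show the geofence rule keying on the Geo subkey rather than on RegQueryValueEx alone; a rule that fires on every registry read would be useless on a real trace.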