General
Target: aef619f1c892e20591b6f57ae94919de0f64321bb3199992a6be157396451828
Size: 926KB
Sample: 220803-gsdtraghep
MD5: 8403aafb699102c31454cd352a849553
SHA1: 9dc9d5b7898e0ed77e1613adeb9f94eacafbe257
SHA256: aef619f1c892e20591b6f57ae94919de0f64321bb3199992a6be157396451828
SHA512: f77e0f1af74bb1f8efd4feadb3b94c87ac7f05bec360b23da8a2ca586b18d74cac4a134016a8a899615086386afc9de3ff51e8bfe598385e699bf2556ef2f208
Static task: static1
Behavioral task: behavioral1
Sample: aef619f1c892e20591b6f57ae94919de0f64321bb3199992a6be157396451828.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted: redline
  nam3
  103.89.90.61:18728
  auth_value: 64b900120bbceaa6a9c60e9079492895
Extracted: redline
  4
  31.41.244.134:11643
  auth_value: a516b2d034ecd34338f12b50347fbd92
Extracted: redline
  5076357887
  195.54.170.157:16525
  auth_value: 0dfaff60271d374d0c206d19883e06f3
Extracted: raccoon
  afb5c633c4650f69312baef49db9dfa4
  http://77.73.132.84
Extracted: raccoon
  f0c8034c83808635df0d9d8726d1bfd6
  http://45.95.11.158/
Targets
- Raccoon Stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2