General
- Target: 55.hta
- Size: 12KB
- Sample: 220805-byny1seddm
- MD5: 26ace4f34d7b5df03722125fe5280d4c
- SHA1: 7b9e7c2c60e66ec42061752d707ab70c3c84187a
- SHA256: e49c5359656eedbca5bffe8ab5aada0e0b3301c47e426b028f27d6e89027adad
- SHA512: 5ad6cc4ae057d85a37f73b586ed0bbcf9857e7d918f302ba49772029d00bea6cb55d24f1249e33c0b2e05596fdaee813df0105032d96d91d56601b33b8555115
Static task: static1
Behavioral task: behavioral1
- Sample: 55.hta
- Resource: win7-20220715-en
Malware Config
Extracted: gozi_ifsb
- Botnet ID: 11111
- C2 hosts: trackingg-protectioon.cdn1.mozilla.net, 194.76.225.168, 194.76.224.242
- base_path: /fonts/
- build: 250240
- exe_type: loader
- extension: .bak
- server_id: 50
Extracted: redline
- Botnet: bart
- C2: 80.66.87.52:2500
- auth_value: 7d4c7c8f7ce4a858768b38d88316bd46
Targets
- Target: 55.hta
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.