General
- Target: 8f53ac20b7777477c10ecbe163968c472457d3819ebafb20f232c5b1a448eb1b
- Size: 413KB
- Sample: 220808-kdkwasgacl
- MD5: 127768b759970c351b9d9947c97a3c83
- SHA1: 5c7cca03e0cd8af8a5bb2c70a48f917965ae9514
- SHA256: 8f53ac20b7777477c10ecbe163968c472457d3819ebafb20f232c5b1a448eb1b
- SHA512: b324d7ff35c2ab81ccee687d32af9e9f30b2a75182a5cf9244061069ffcf3718df5c7b06c40819e772309f6aaba2cfe987e13c821c85471c6bb1a437fa06dffd

Static task: static1
Behavioral task: behavioral1
Sample: 8f53ac20b7777477c10ecbe163968c472457d3819ebafb20f232c5b1a448eb1b.exe
Resource: win7-20220715-en

Malware Config
Extracted: redline
  1
  207.32.218.115:4162
  auth_value: 58f3be996f732af4b1f9624e1a783249
Extracted: colibri
  1.2.0
  Build1
  http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php
  http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext