General
Target: 8674766007C7AED0B73283FB5003C4DF128699E9B8A2A.exe
Size: 10.2MB
Sample: 220824-vs5jcsgfak
MD5: abcd86848dd2dce5fa3f8725091d34ab
SHA1: c25be8fbed6d715c0c3e7a00ee2e89985ce27d42
SHA256: 8674766007c7aed0b73283fb5003c4df128699e9b8a2aa675f526b8de02e73d4
SHA512: fbf4cb838433a68717beba43a324d8fe1290a492f5538f2aa20e22cb14e1f38bb9a80240bb1699824441b5192eefc850bffe553a93388f73bb5dab6dc0647009
SSDEEP: 196608:BeEbGXVnICteEroXxoczlxZV3Gu5D4S267ygEGPt2CS30j8kg8ETL0DWcjKdCra:gEOInEroXF14S2D7qcDnTLxca
Behavioral tasks
behavioral1: 8674766007C7AED0B73283FB5003C4DF128699E9B8A2A.exe, resource win7-20220812-en
behavioral2: 8674766007C7AED0B73283FB5003C4DF128699E9B8A2A.exe, resource win10v2004-20220812-en
Malware Config
Two family configurations were extracted from the run, so the sample drops or bundles both a RedLine Stealer and an njRAT payload.
Extracted: redline
  Botnet: cheat
  C2: 91.198.77.213:39963
Extracted: njrat
  Version: 0.7d
  Campaign: HacKed
  C2: 172.93.231.202:5552
  Mutex: dd7d6bc98a38de1b5ca51955ad0f1fec
  reg_key: dd7d6bc98a38de1b5ca51955ad0f1fec
  splitter: |'|'|
njRAT reuses one configured value as both its mutex name and the value name of its Run-key persistence entry, which is why the two fields match; the splitter is the delimiter that separates fields in its C2 messages.
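The extracted njRAT fields are enough to write a small network-side check. The following Python is an added example, not part of the sandbox report or of either malware family's code. It uses the C2 addresses, splitter, campaign and version from the configuration above; the "decimal length, NUL, payload" framing follows public njRAT analyses, and the field order assumed for the "ll" registration beacon (victim id, campaign, hostname, user, date, blank, OS, webcam flag, version, ...) is an assumption stated in the code. The sample traffic is constructed, not captured from this run.

```python
import ipaddress

# Indicators copied from the extracted configurations above.
REDLINE_C2 = ("91.198.77.213", 39963)
NJRAT_C2 = ("172.93.231.202", 5552)
NJRAT_SPLITTER = b"|'|'|"          # field delimiter from the njRAT config
NJRAT_CAMPAIGN = "HacKed"
NJRAT_VERSION = "0.7d"


def frame_njrat(payload: bytes) -> bytes:
    """Wrap a payload in njRAT's wire framing: ASCII decimal length, NUL, payload."""
    return str(len(payload)).encode("ascii") + b"\x00" + payload


def parse_njrat_stream(data: bytes):
    """Split a reassembled TCP stream into (command, fields) tuples.

    Returns (messages, leftover); leftover holds any trailing partial frame so
    the caller can prepend it to the next chunk of the stream.
    """
    messages = []
    pos = 0
    while pos < len(data):
        nul = data.find(b"\x00", pos)
        if nul < 0:
            break                                  # length header not complete yet
        header = data[pos:nul]
        if not header.isdigit():
            raise ValueError(f"not an njRAT frame at offset {pos}: {header!r}")
        start, end = nul + 1, nul + 1 + int(header)
        if end > len(data):
            break                                  # body not complete yet
        parts = data[start:end].split(NJRAT_SPLITTER)
        cmd = parts[0].decode("latin-1")
        fields = [p.decode("latin-1") for p in parts[1:]]
        messages.append((cmd, fields))
        pos = end
    return messages, data[pos:]


def beacon_matches_config(cmd: str, fields: list) -> bool:
    """True if an 'll' registration beacon carries this sample's campaign and version.

    Assumed field order for the 0.7d 'll' beacon: victim id, campaign,
    hostname, username, install date, blank, OS, webcam flag, version, ...
    """
    if cmd != "ll" or len(fields) < 9:
        return False
    return fields[1] == NJRAT_CAMPAIGN and fields[8] == NJRAT_VERSION


def classify_c2(ip: str, port: int):
    """Map a destination socket to the family whose config names it, or None."""
    addr = ipaddress.ip_address(ip)   # raises on garbage input rather than silently missing
    for family, (c2_ip, c2_port) in (("redline", REDLINE_C2), ("njrat", NJRAT_C2)):
        if addr == ipaddress.ip_address(c2_ip) and port == c2_port:
            return family
    return None


# Constructed sample traffic (not from the sandbox run): one complete beacon
# followed by the first bytes of a second, still incomplete frame.
SAMPLE_BEACON = NJRAT_SPLITTER.join([
    b"ll", b"SGFjS2VkXzEyMzQ1Njc4", b"HacKed", b"DESKTOP-TEST", b"user",
    b"22-08-24", b"", b"Win 7 Ultimate SP1 x64", b"No", b"0.7d", b"..",
    b"bm90ZXBhZA==", b"",
])
SAMPLE_STREAM = frame_njrat(SAMPLE_BEACON) + b"12\x00inf|'|'|"


if __name__ == "__main__":
    msgs, rest = parse_njrat_stream(SAMPLE_STREAM)
    for cmd, fields in msgs:
        print(cmd, fields[:3], "matches config:", beacon_matches_config(cmd, fields))
    print("leftover bytes:", rest)
    print(classify_c2("172.93.231.202", 5552), classify_c2("91.198.77.213", 39963),
          classify_c2("8.8.8.8", 53))
```

Feed `parse_njrat_stream` the client-to-server side of a reassembled flow to 172.93.231.202:5552; a beacon whose second field is `HacKed` and ninth field is `0.7d` ties the traffic to this configuration rather than to another njRAT operator using the same server.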
Targets
Target: 8674766007C7AED0B73283FB5003C4DF128699E9B8A2A.exe (10.2MB; hashes as listed under General)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.