General
Target: proton free.exe
Size: 2.4MB
Sample: 220830-m9sl5ahea9
MD5: ba0fcc475c2ae5390cc58b8311141747
SHA1: cb3fa75cd34dce89b0adeb6ecac6c87f0f6629f5
SHA256: 7f75065513270ddbfef0c8b2fea3a5a4b8023cbca6ca746929bc9cf888d96b78
SHA512: 7bf633fad60e61a4cf888ba797761345322c32eb890e575b8348b6db9e3236021328ee75836a98a09a9ecccb60fa6cf8442541009e7f5141d288b5f0b51f1017
SSDEEP: 24576:MSPlYgvYcYYFTbY8M6UltHMCETI1Rj+hO5AlyHoZLClwLVSJVVgRdNa5CJl3RuQV:MaYMJk1bHoZLClwsSJl31
Static task: static1
Behavioral task: behavioral1
  Sample: proton free.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: proton free.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
ubica
185.106.92.228:24221
auth_value: abace2a6ba4a747fd979f4ce8da5f1d0
Targets
Target: proton free.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext