General
Target: Proton Vpn Installer.exe
Size: 4.7MB
Sample: 220830-prjbvaadc3
MD5: ad0afb80cbf03f4ee57b8051efd97411
SHA1: 88c04f7c968a2fdfc292c8daa64b713def85d130
SHA256: 19b3c0b407d7ed23f23f65a2eac406403b2e9556a0ab40f2dc7172a09fb1679b
SHA512: 6c4ae22c9ea90ae742faccdeb63d16fbef3ce97d9cad42afd277e72644338ed805c4c5d0adeb81aedb96d3fba07bcd433a118d9301ee48b93cbf41d612d94705
SSDEEP: 98304:EKCdwf95mOekURF6SgUpww4ZVDT4ekQq9xRNKxY42BmuVQ+d7E9goV:Ezd+GNgUywuDT4aSzN1f2+d7UgoV
Static task: static1
Behavioral task: behavioral1
Sample: Proton Vpn Installer.exe
Resource: win7-20220812-en
Malware Config
Extracted family: redline
C2: 185.200.191.18:80
auth_value: 5c12f2d1959f16ee9dea308bdd09a786
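The hashes under General and the extracted C2 above are the indicators a responder would actually pivot on. The following script is an added example, not part of this report or of the sandbox's own tooling: it loads those indicators, hashes a file in chunks (the installer is 4.7MB, so do not read it into memory in one go), and scans connection-log lines for the C2 endpoint. The indicator values are copied from the report; the log format, the log lines and the byte strings hashed are constructed for the example.

```python
"""Offline IOC matcher built from the indicators on this report page.

Added example, not part of the original page or of the sandbox.
Indicator values are copied from the report; everything else
(log format, log lines, sample bytes) is constructed.
"""
import hashlib
import io
import re
from typing import BinaryIO, Dict, List

# Hashes of the installer, copied from the General section above.
REDLINE_IOCS: Dict[str, str] = {
    "md5": "ad0afb80cbf03f4ee57b8051efd97411",
    "sha1": "88c04f7c968a2fdfc292c8daa64b713def85d130",
    "sha256": "19b3c0b407d7ed23f23f65a2eac406403b2e9556a0ab40f2dc7172a09fb1679b",
}
# C2 endpoint and bot authorization key from the extracted RedLine config.
C2_HOST = "185.200.191.18"
C2_PORT = 80
AUTH_VALUE = "5c12f2d1959f16ee9dea308bdd09a786"


def digests_from_stream(fh: BinaryIO, chunk: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5/SHA1/SHA256 in one pass over a stream, 1 MiB at a time."""
    hashers = {algo: hashlib.new(algo) for algo in REDLINE_IOCS}
    for block in iter(lambda: fh.read(chunk), b""):
        for h in hashers.values():
            h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def digests_of_file(path: str) -> Dict[str, str]:
    """Hash a file on disk without loading it whole into memory."""
    with open(path, "rb") as fh:
        return digests_from_stream(fh)


def digests(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the constructed test input)."""
    return digests_from_stream(io.BytesIO(data))


def hash_hits(observed: Dict[str, str]) -> List[str]:
    """Names of every digest in `observed` that matches the report's installer.

    Comparison is case-insensitive so hashes pasted from other tools still match.
    Any single algorithm matching is enough to identify the file.
    """
    return sorted(
        algo for algo, value in observed.items()
        if algo in REDLINE_IOCS and value.lower() == REDLINE_IOCS[algo]
    )


# Constructed connection-log format: "<ts> <src>:<sport> -> <dst>:<dport> ...".
_CONN_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
)


def c2_connections(log_lines: List[str]) -> List[str]:
    """Source IPs of every line whose destination is the RedLine C2 host:port.

    Port 80 alone is meaningless, so the match requires the host as well.
    """
    hits = []
    for line in log_lines:
        m = _CONN_RE.search(line)
        if m and m.group("dst") == C2_HOST and int(m.group("port")) == C2_PORT:
            hits.append(m.group("src"))
    return hits


# Constructed log lines: only the first one reaches the C2 on the right port.
SAMPLE_LOG = [
    "2022-08-30T13:02:11Z 10.0.0.5:51234 -> 185.200.191.18:80 TCP established",
    "2022-08-30T13:02:12Z 10.0.0.7:51235 -> 185.200.191.18:443 TCP established",
    "2022-08-30T13:02:13Z 10.0.0.9:51236 -> 203.0.113.10:80 TCP established",
]

if __name__ == "__main__":
    print("hash hits for a non-sample buffer:", hash_hits(digests(b"not the sample")))
    print("hosts that contacted the C2:", c2_connections(SAMPLE_LOG))
```

Two caveats when using this in practice: the file hashes identify only the outer installer, so a repacked build of the same campaign will not match them, whereas the C2 host and auth_value belong to the RedLine payload's configuration and survive repacking; and a bare IP:port is a short-lived indicator that should be expired once the hosting is gone.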
Targets
Target: Proton Vpn Installer.exe (same file as under General: 4.7MB, MD5, SHA1, SHA256, SHA512 and SSDEEP as listed there)
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first appearing in early 2020. It harvests saved credentials and cryptocurrency wallet files from the infected host and uploads them to the C2 identified by the IP:port and auth_value in the extracted configuration.

Signatures triggered:
- RedLine payload
- YTStealer payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext

Two points worth noting for triage. The installer carries two stealer families (RedLine and YTStealer), so the file hashes above describe the dropper, not the payloads it executes; the RedLine C2 and auth_value are the indicators that identify the payload itself. A SetThreadContext call on a thread of another process is the usual tell for process hollowing or thread hijacking, so the payload is likely run from inside a spawned process rather than as the dropped file on disk, and endpoint detections should key on the injected process's network activity as well as on the dropped EXE and DLL.