General
- Target: 8c6fea45b61ff93dbeafe30d209bf92d.exe
- Size: 726KB
- Sample: 220831-htr87saeeq
- MD5: 8c6fea45b61ff93dbeafe30d209bf92d
- SHA1: 024925adb0747c09c9b846de9fd125f5d75109f3
- SHA256: cc15b38a983b75a109fdc1998d831abc4ba1b2b7cceb07303d1b4302ea118c06
- SHA512: ab360c45361e359eac349abf3b954c98e5a4e0ea0d7c507457aea4552a413e29ee7b8a91927f2909d1dff3bef6f25a80afc4a421738103b4a6abfb491f5eca36
- SSDEEP: 12288:1zHw364YEB1h+wo9P5xVRVpzK3kfr79LOvtyHRIv05kTvDKOgbxXaLMKfpj+mTf/:RWNzm83NMCN/3
Static task: static1
Behavioral task: behavioral1
- Sample: 8c6fea45b61ff93dbeafe30d209bf92d.exe
- Resource: win7-20220812-en
Malware Config
Extracted: redline
- Lyla30.08
- 185.215.113.216:21921
- auth_value: 0eb4d55b7d35f68efdb8f969294da5d1
Extracted: colibri
- 1.2.0
- Build1
- http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php
- http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php
Targets
- Target: 8c6fea45b61ff93dbeafe30d209bf92d.exe (726KB; size and hashes as listed under General above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext