General
Target: 6e13805b2d48183881001fb404a52afa668dbb1a88cef.exe
Size: 726KB
Sample: 220831-hzx2msafer
MD5: 77094fdf5ddaa0b50dab615eddb267fa
SHA1: 3840de5e390d216614e1af34dd5402bafc739a9b
SHA256: 6e13805b2d48183881001fb404a52afa668dbb1a88cef942a44d3870b0e325b0
SHA512: b24a6f39ef67852c1ccfcf252744bff0e9fa83831a59331e44ccde2f703a603247d34b48a9719563b91d88c68ade719de53bf8b395324af71098bf5a68dc3620
SSDEEP: 12288:jJmY1wzd5JOYjWyjhI7JQksX1MatKhsBkutBa:vah5JpjWz7JQHX1MatKhSkMB
Static task: static1
Behavioral task: behavioral1
Sample: 6e13805b2d48183881001fb404a52afa668dbb1a88cef.exe
Resource: win7-20220812-en
Malware Config
Extracted: redline
mettop1
xoralessh.xyz:80
auth_value: a8206072062ec5262484a012d246646b
Extracted: colibri
1.2.0
Build1
http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php
http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php
Targets
Target: 6e13805b2d48183881001fb404a52afa668dbb1a88cef.exe
Size: 726KB
MD5: 77094fdf5ddaa0b50dab615eddb267fa
SHA1: 3840de5e390d216614e1af34dd5402bafc739a9b
SHA256: 6e13805b2d48183881001fb404a52afa668dbb1a88cef942a44d3870b0e325b0
SHA512: b24a6f39ef67852c1ccfcf252744bff0e9fa83831a59331e44ccde2f703a603247d34b48a9719563b91d88c68ade719de53bf8b395324af71098bf5a68dc3620
SSDEEP: 12288:jJmY1wzd5JOYjWyjhI7JQksX1MatKhsBkutBa:vah5JpjWz7JQHX1MatKhSkMB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext