General

Target: 07e1352f0ff87e2a0848c543f0c084a3.exe
Size: 1.3MB
Sample: 220925-aygn9sdhdl
MD5: 07e1352f0ff87e2a0848c543f0c084a3
SHA1: bc09be07ccd2664470585617ac2e8897a668c925
SHA256: 1702558a8ae1cda0af628944914cf12a6dc360092b67395779e90450dd1bf64d
SHA512: 6ec4aadcc10f24ac8a4b7b068d40ea2763835fc882114599a7080ef18af9f2836081a0cd3aa7fac39e772faca6c39c5ad3821262387bae5e45121252dccb5527
SSDEEP: 24576:CymzerONUyCuIXr3pQBfzuMSmZD0hy91zuvNrkuC3b4ZoAnVZ3dUyU:pL4+eBLu9mZYkfzuVwcmaVJyy
Static task: static1

Behavioral task: behavioral1
Sample: 07e1352f0ff87e2a0848c543f0c084a3.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 07e1352f0ff87e2a0848c543f0c084a3.exe
Resource: win10v2004-20220901-en
Malware Config

Extracted:
  redline
  explorer
  159.223.57.212:8294
Targets

Target: 07e1352f0ff87e2a0848c543f0c084a3.exe
Size: 1.3MB
MD5: 07e1352f0ff87e2a0848c543f0c084a3
SHA1: bc09be07ccd2664470585617ac2e8897a668c925
SHA256: 1702558a8ae1cda0af628944914cf12a6dc360092b67395779e90450dd1bf64d
SHA512: 6ec4aadcc10f24ac8a4b7b068d40ea2763835fc882114599a7080ef18af9f2836081a0cd3aa7fac39e772faca6c39c5ad3821262387bae5e45121252dccb5527
SSDEEP: 24576:CymzerONUyCuIXr3pQBfzuMSmZD0hy91zuvNrkuC3b4ZoAnVZ3dUyU:pL4+eBLu9mZYkfzuVwcmaVJyy
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- WSHRAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.