General
-
Target
4dde444c389f2d4ae93c4107a812d406.exe
-
Size
7.3MB
-
Sample
220927-zyandseeh8
-
MD5
4dde444c389f2d4ae93c4107a812d406
-
SHA1
8150efe56ae179bc051ba4b23ab2c674643d168e
-
SHA256
c7dd8d7224c0031bab4f6835b0404600295f1ce078a0936cba0e18a5624c1458
-
SHA512
1591667c9dd665a640a6a51027132267cc44e56c6331f2af857ab3659d8d740b7abe10c0ba665de2953d66bc69efe954820bc002498d2d1a39583298590837d0
-
SSDEEP
196608:RlXzkbjKRvPZcSShAWjF/g81pJgyJX1bAZr:nsjKRHZYhxo8dJlbc
Malware Config
Targets
-
-
Target
4dde444c389f2d4ae93c4107a812d406.exe
-
Size
7.3MB
-
MD5
4dde444c389f2d4ae93c4107a812d406
-
SHA1
8150efe56ae179bc051ba4b23ab2c674643d168e
-
SHA256
c7dd8d7224c0031bab4f6835b0404600295f1ce078a0936cba0e18a5624c1458
-
SHA512
1591667c9dd665a640a6a51027132267cc44e56c6331f2af857ab3659d8d740b7abe10c0ba665de2953d66bc69efe954820bc002498d2d1a39583298590837d0
-
SSDEEP
196608:RlXzkbjKRvPZcSShAWjF/g81pJgyJX1bAZr:nsjKRHZYhxo8dJlbc
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-