General
Target: Driver Easy Pro.rar
Size: 9.7MB
Sample: 221005-zx92vsffd5
MD5: a594d0d300d83aa61fc466abcbe2205a
SHA1: bbdad102d689b96b75937e4b7c38edfa0408b2ff
SHA256: 9c5b16604cb137dd84dcd9952292cb6e9714814720878318fb9126172306aed6
SHA512: bfb32eb82108ffb332459aeef0711d9cee5fca66025f577573d29dfa5763afa55898222a18f8eefd72785882d7806d6451f75203189a3a8f67654ea99e19f799
SSDEEP: 196608:WIU5zKlQeO6ielwUan870LHn7t8K9GcnEFHlr5yi1I0RYp9fMrv/ej97MiuJde:1izEQe/lwDn870jnR8ncnWi0RYp9fBVp
Static task: static1
Behavioral task: behavioral1 (sample: Setup.exe, resource: win7-20220812-en)
Behavioral task: behavioral2 (sample: Setup.exe, resource: win10v2004-20220812-en)
Malware Config
Extracted: raccoon
  55141fdba30e9c28fe0ae2e082b22897
  http://45.15.156.31/
Extracted: redline
  81.161.229.143:27938
  auth_value: 6687e352a0604d495c3851d248ebf06f
Targets
Target: Setup.exe
Size: 812.1MB
MD5: 97432769d9c069e9d916cca622d3e136
SHA1: 821748178afd4e72ce68e37bca575327e2c15074
SHA256: 7f9684b6297bf11ba15105902412e453afd13c904e8e0121d9d8ef834b7e95d9
SHA512: 4641d432a53c437fed97313b8c13af504b681580d37fc25a1e7ddc1c787283d5478ea78d3adacc850f022814a14a160932e135f001096b7ab93dc7c1c3277dd7
SSDEEP: 6144:LDKW1Lgbdl0TBBvjc/YrWNjk2ZHXKsDDki/jsRzXN8fZfjLx7zz:/h1Lk70TnvjcAb2ZHXhF/Sz96fnx
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures
- RedLine payload
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext: this API is commonly used to redirect a suspended thread into injected or hollowed code, so it usually indicates process injection rather than a legitimate use.
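As an added example (not part of the sandbox report and not code from the analysed sample), the following script turns the indicators above into detection logic and runs it over a constructed API-trace style event log. The C2 addresses and the Setup.exe SHA256 are copied from the report; the two registry paths are assumptions about which keys the "Checks computer location settings" and "Adds Run key" signatures correspond to, and the event records are constructed for illustration.

```python
"""Match the indicators extracted in the report against a constructed event log.

Added example; not part of the sandbox report or the analysed sample.
"""

# --- Indicators copied from the report ---------------------------------------
REDLINE_C2 = ("81.161.229.143", 27938)          # extracted redline config
RACCOON_C2_HOST = "45.15.156.31"                # extracted raccoon config (http://45.15.156.31/)
SETUP_SHA256 = "7f9684b6297bf11ba15105902412e453afd13c904e8e0121d9d8ef834b7e95d9"

# --- Assumed registry locations behind two behavioural signatures -----------
# ASSUMPTION: the report does not name these keys; GeoID lives under
# "Geo\Nation" and per-user autostart entries under the CurrentVersion\Run key.
GEO_NATION_KEY = r"HKCU\Control Panel\International\Geo\Nation".lower()
RUN_KEY_PREFIX = (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" + "\\").lower()


def classify(event):
    """Return the name of the indicator that one event matches, or None.

    Events are dicts with an "op" field; registry paths are compared
    case-insensitively because Windows key names are case-insensitive.
    """
    op = event["op"]
    if op == "process_create" and event.get("sha256", "").lower() == SETUP_SHA256:
        return "known sample hash (Setup.exe)"
    if op == "connect":
        # The RedLine indicator is an ip:port pair, so require both to match.
        if (event["dst_ip"], event["dst_port"]) == REDLINE_C2:
            return "RedLine C2"
        if event["dst_ip"] == RACCOON_C2_HOST:
            return "Raccoon C2"
    if op == "reg_query" and event["key"].lower() == GEO_NATION_KEY:
        return "geofence check (GeoID lookup)"
    if op == "reg_set" and event["key"].lower().startswith(RUN_KEY_PREFIX):
        return "Run key persistence"
    return None


def scan(events):
    """Return [(event_index, indicator_name)] for every matching event."""
    hits = []
    for index, event in enumerate(events):
        name = classify(event)
        if name is not None:
            hits.append((index, name))
    return hits


def flagged_images(events):
    """Set of process images that produced at least one indicator match."""
    return {events[i]["image"] for i, _ in scan(events)}


# Constructed trace for illustration; this is not sandbox output.
SAMPLE_EVENTS = [
    {"op": "process_create", "image": r"C:\Users\user\Desktop\Setup.exe",
     "sha256": SETUP_SHA256},
    {"op": "reg_query", "image": r"C:\Users\user\Desktop\Setup.exe",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "reg_set", "image": r"C:\Users\user\Desktop\Setup.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"op": "connect", "image": r"C:\Users\user\Desktop\Setup.exe",
     "dst_ip": "81.161.229.143", "dst_port": 27938},
    {"op": "connect", "image": r"C:\Users\user\Desktop\Setup.exe",
     "dst_ip": "45.15.156.31", "dst_port": 80},
    {"op": "connect", "image": r"C:\Program Files\Google\Chrome\chrome.exe",
     "dst_ip": "142.250.74.206", "dst_port": 443},
    {"op": "reg_query", "image": r"C:\Windows\explorer.exe",
     "key": r"HKCU\Control Panel\International\Locale"},
]

if __name__ == "__main__":
    for index, name in scan(SAMPLE_EVENTS):
        print(f"event {index}: {name}")
```

The `reg_query` rule only fires on telemetry that records registry reads, such as a sandbox API trace or an EDR hook; Sysmon logs registry writes but not queries, so on a Sysmon-only host the geofence lookup is invisible and the Run key write and the C2 connections are the usable signals.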