General

Target: MetaLauncher (2).zip
Size: 5.2MB
Sample: 221017-kyn4fsbca7
MD5: 283979dc33c411a9e75ec5d4c0214bf1
SHA1: cb906b94d0c45c04f71218eba46190081dd8942e
SHA256: 2485977c38ae2c0eb6bf21bf2170725924aa749e6c397f7230de7d6cf2d83287
SHA512: ed517f094ca9cbb6d43cad69cdfd0a150a53f91b1d10565212b7054c136c13d69d962fd95fa4c8569d611a65065f1e8009c53f0d83e0a78b6a051adb0ec2c8f3
SSDEEP: 98304:Of+81uWPOhRYkZW0eh7/P5BfOkbcuKjSSvatI:Ofv1uWPI8Z7BkS2atI
Behavioral task

behavioral1
Sample: MetaLauncher.exe
Resource: win7-20220812-en
Malware Config

Extracted
Family: redline
Botnet: idiot
C2: 185.106.93.212:5616
auth_value: a2648a76c8df40c3df6d8e561e3fd09c
Targets

Target: MetaLauncher.exe
Size: 700.0MB
Note: a 700 MB executable that compresses into a 5.2 MB archive consists almost entirely of highly compressible filler. Inflating a binary this way is a common trick to push it past the file-size limits of AV engines and sandbox uploaders, so the size itself is an indicator rather than a sign of a large legitimate launcher.
MD5: ef0252c71127e6aecb0dce4026ec5b12
SHA1: fa59f410e3e3fc3508b0be90e25f5276f4e935bd
SHA256: 2b74c16506089e7b924665f6b6995daec9304ee9faf8d32a149fe5eb4799cbcc
SHA512: e37abc995ec518fb436b0441667151a81afc2885e0eedbd579c84a3dbf42cfe7fd6ed0d20e29636798dfd605d182931eb35214d7d384d9bfdba3010a5a73ed53
SSDEEP: 49152:2PVuj3MxjxmxDfsAe2/0OsueEu6FREcK1ZEFcF5jAvJhg2jn5HNisTiiSbKvTnVB:2PVuQxxmxW2sjueT1GwoJe4yFu
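The following script is an added example, not part of the sandbox report. It does two things a practitioner would want when handling this sample: it hashes a file and compares the digests against the values listed above for MetaLauncher.exe, and it measures how much of the file lies beyond the last PE section (the overlay) and how long the trailing run of a single repeated byte is, which is how a padded 700 MB binary reveals itself. The report contains only hashes, so the padding check is the editor's addition; the tiny PE built by build_fake_pe is constructed for the demonstration and is not the real sample.

```python
"""Hash a sample against the report above and look for size-inflating padding.
Added example; REPORT_HASHES are copied from the report, everything else is
constructed here and is not the real MetaLauncher.exe."""
import hashlib
import struct
import sys

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests listed in the report for the behavioral1 target, MetaLauncher.exe.
REPORT_HASHES = {
    "md5": "ef0252c71127e6aecb0dce4026ec5b12",
    "sha1": "fa59f410e3e3fc3508b0be90e25f5276f4e935bd",
    "sha256": "2b74c16506089e7b924665f6b6995daec9304ee9faf8d32a149fe5eb4799cbcc",
    "sha512": "e37abc995ec518fb436b0441667151a81afc2885e0eedbd579c84a3dbf42cfe7fd"
              "6ed0d20e29636798dfd605d182931eb35214d7d384d9bfdba3010a5a73ed53",
}


def hash_bytes(data: bytes) -> dict:
    """All four digests of an in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path: str) -> dict:
    """Stream a large file (the sample is 700 MB) through all four hashes at once."""
    hashes = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashes.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashes.items()}


def matches_report(hashes: dict, report: dict = REPORT_HASHES) -> dict:
    """Per-algorithm match against the report; digests compared case-insensitively."""
    return {algo: hashes.get(algo, "").lower() == digest.lower()
            for algo, digest in report.items()}


def overlay_size(data: bytes) -> int:
    """Bytes after the end of the last PE section (data no section accounts for).

    Minimal PE walk: e_lfanew at 0x3C, NumberOfSections at PE+6,
    SizeOfOptionalHeader at PE+20, section table right after the optional
    header, 40 bytes per entry with SizeOfRawData/PointerToRawData at +16/+20.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    table = pe + 24 + opt_size
    end = 0
    for i in range(nsec):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + i * 40 + 16)
        end = max(end, raw_ptr + raw_size)
    return len(data) - end


def trailing_padding(data: bytes) -> tuple:
    """(length, byte value) of the run of one repeated byte at the end of the file."""
    if not data:
        return 0, -1
    last = data[-1]
    run = len(data) - len(data.rstrip(bytes([last])))
    return run, last


def padding_ratio(data: bytes) -> float:
    """Fraction of the file that is trailing single-byte padding."""
    return trailing_padding(data)[0] / len(data) if data else 0.0


def build_fake_pe(section_data: bytes, padding: bytes) -> bytes:
    """Constructed stand-in for the sample: one .text section followed by padding.
    Header layout: 64-byte DOS stub, PE signature, 20-byte file header, no
    optional header, one 40-byte section header, then section data."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    raw_ptr = 64 + 4 + 20 + 40
    section = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", len(section_data), 0x1000, len(section_data), raw_ptr,
        0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + file_hdr + section + section_data + padding


if __name__ == "__main__":
    path = sys.argv[1]
    digests = hash_file(path)
    print("hash match:", matches_report(digests))
    with open(path, "rb") as fh:
        blob = fh.read()
    print("overlay bytes:", overlay_size(blob))
    print("trailing padding:", trailing_padding(blob), "ratio %.3f" % padding_ratio(blob))
```

Run it as `python check_sample.py MetaLauncher.exe`. A match on all four digests confirms you hold the analysed file; an overlay or trailing-run ratio close to 1.0 tells you the bulk of the 700 MB is filler and that the real payload is the small part before it, which is what should go to further analysis.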
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. It harvests saved browser credentials, cookies and cryptocurrency wallet data and sends them to its C2 server, here 185.106.93.212:5616.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence: the stealer decides whether to run based on the victim's configured locale, so the sample may stay dormant on machines in excluded countries.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

Suspicious use of SetThreadContext
SetThreadContext rewrites the register state of another thread; outside debuggers few legitimate programs call it, so this is consistent with process hollowing or similar injection into a suspended process.