General
- Target: 9b7bb25d4fda674eaee9a15edf3f55dd1629c970553a4b34c0a5117ba355acba
- Size: 224KB
- Sample: 221022-n6lj3sdbcl
- MD5: 6be2fef2c2acf9d5f48670d3898a35cf
- SHA1: baca7a142869af68cccafee5e67c375672049668
- SHA256: 9b7bb25d4fda674eaee9a15edf3f55dd1629c970553a4b34c0a5117ba355acba
- SHA512: 24e9976c8045ffe375b1c3c7e1dbfe8dc7f8deb1a65866bf9b0bd35d2b2a39d5e0b75661b2575b6fd9a2a2f166211d2612dd9fc40e569309a5ec71ca1acba045
- SSDEEP: 3072:iXrNLFlRRPCy5pY6hlBeNiZKsyUJZFDknjBoPKsSm3v/va:ihLZVCCYKlB2wKNiZOjBoPtSm3vn
Static task: static1
Behavioral task: behavioral1
Sample: 9b7bb25d4fda674eaee9a15edf3f55dd1629c970553a4b34c0a5117ba355acba.exe
Resource: win10-20220901-en
Malware Config
Extracted
redline
nam7
103.89.90.61:34589
- auth_value: 533c8fbdab4382453812c73ea2cee5b8
Extracted
redline
Google2
167.235.71.14:20469
- auth_value: fb274d9691235ba015830da570a13578
Extracted
redline
slovarikinstalls
78.153.144.3:2510
- auth_value: 5f80b2ec82e3bd02a08a3a55d3180551
Extracted
redline
Newe
89.208.106.66:4691
- auth_value: e7141b98243e53ec71dadf6344aff038
Targets
- Target: 9b7bb25d4fda674eaee9a15edf3f55dd1629c970553a4b34c0a5117ba355acba
- Size: 224KB
- MD5: 6be2fef2c2acf9d5f48670d3898a35cf
- SHA1: baca7a142869af68cccafee5e67c375672049668
- SHA256: 9b7bb25d4fda674eaee9a15edf3f55dd1629c970553a4b34c0a5117ba355acba
- SHA512: 24e9976c8045ffe375b1c3c7e1dbfe8dc7f8deb1a65866bf9b0bd35d2b2a39d5e0b75661b2575b6fd9a2a2f166211d2612dd9fc40e569309a5ec71ca1acba045
- SSDEEP: 3072:iXrNLFlRRPCy5pY6hlBeNiZKsyUJZFDknjBoPKsSm3v/va:ihLZVCCYKlB2wKNiZOjBoPtSm3vn
- RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext