General
- Target: f14a6a9dab709deb02cd549fd88514dd84d454d254ec174bad834265f126ee39
- Size: 210KB
- Sample: 221031-y3d1yadeej
- MD5: 710a7926da9ff95dd8c78e5e19387d8f
- SHA1: cdc855c14fd60fc52524d7288921b31c22b7c67d
- SHA256: f14a6a9dab709deb02cd549fd88514dd84d454d254ec174bad834265f126ee39
- SHA512: 06a0f37324d6921324732c06c34663110f72ffbec881dc247f7b21bd07c7bf5c0e359925ff074937a25326f8452ed5f427814e5ab540d16d2a79070f08951ee9
- SSDEEP: 3072:I7tMw36RdY+40CLajvq6sf54rWwzPafB6V+04md3/Btx:I7qRR6+4dLajvqGlzPPLTd3/Bt
Static task: static1

Behavioral task: behavioral1
- Sample: f14a6a9dab709deb02cd549fd88514dd84d454d254ec174bad834265f126ee39.exe
- Resource: win10v2004-20220901-en
Malware Config

Extracted
- Family: redline
- Botnet: slovarik15btc
- C2: 78.153.144.3:2510
- auth_value: bfedad55292538ad3edd07ac95ad8952

Extracted
- Family: redline
- Botnet: 31.10
- C2: 194.87.218.5:9630
- auth_value: 6223ceba7350b5fdfd29a51c01ad5fdb

Extracted
- Family: redline
- Botnet: Google2
- C2: 167.235.71.14:20469
- auth_value: fb274d9691235ba015830da570a13578
Targets
- Target: f14a6a9dab709deb02cd549fd88514dd84d454d254ec174bad834265f126ee39
- Size: 210KB
- MD5: 710a7926da9ff95dd8c78e5e19387d8f
- SHA1: cdc855c14fd60fc52524d7288921b31c22b7c67d
- SHA256: f14a6a9dab709deb02cd549fd88514dd84d454d254ec174bad834265f126ee39
- SHA512: 06a0f37324d6921324732c06c34663110f72ffbec881dc247f7b21bd07c7bf5c0e359925ff074937a25326f8452ed5f427814e5ab540d16d2a79070f08951ee9
- SSDEEP: 3072:I7tMw36RdY+40CLajvq6sf54rWwzPafB6V+04md3/Btx:I7qRR6+4dLajvqGlzPPLTd3/Bt
Signatures
- Detect Amadey credential stealer module
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext