General
Target: 694617C7B7863A39F3D552BFDB090E9BC51C75671D6F4.exe
Size: 270KB
Sample: 221105-eym89sdfb7
MD5: 97e48922430725608944a685f48fff81
SHA1: aab2cbce5ceb976eb60ea330eef331dfd0fb59e9
SHA256: 694617c7b7863a39f3d552bfdb090e9bc51c75671d6f4696c8df0a2aae75b9b9
SHA512: e1633471dc9b02308d65ea4bc422537c7c2b6b488ecf18797aa395115ce0f62e994af8d860b5e029f682a68b28379c6cfeed9fe0e86e7f9eb5c09bfbe481ac14
SSDEEP: 6144:dzZBQpMIXOhDnJtK6HRVoOh7pfG4Yir6NS7P6DZReiga:tn+MI+hDnX1RpG4lGtDfT
Static task: static1
Behavioral task: behavioral1
  Sample: 694617C7B7863A39F3D552BFDB090E9BC51C75671D6F4.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 694617C7B7863A39F3D552BFDB090E9BC51C75671D6F4.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted: redline
1. 164.90.146.32:41698
auth_value: 9b64659ae8aca5a45aee2af90a3cdeac
Targets
Target: 694617C7B7863A39F3D552BFDB090E9BC51C75671D6F4.exe
Size: 270KB
MD5: 97e48922430725608944a685f48fff81
SHA1: aab2cbce5ceb976eb60ea330eef331dfd0fb59e9
SHA256: 694617c7b7863a39f3d552bfdb090e9bc51c75671d6f4696c8df0a2aae75b9b9
SHA512: e1633471dc9b02308d65ea4bc422537c7c2b6b488ecf18797aa395115ce0f62e994af8d860b5e029f682a68b28379c6cfeed9fe0e86e7f9eb5c09bfbe481ac14
SSDEEP: 6144:dzZBQpMIXOhDnJtK6HRVoOh7pfG4Yir6NS7P6DZReiga:tn+MI+hDnX1RpG4lGtDfT
- Detect Amadey credential stealer module
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.