General
Target: anon1.c.exe
Size: 6.3MB
Sample: 221108-pg9q2sheaq
MD5: ec54635cd5ecaf1b3bfeaac4ad54f360
SHA1: 78ce05e39cd35bb9f932dadf0d2dc7bb2783cb15
SHA256: 04d31c61d53359359e896db066a150f94321c1fd788a9ef7cb6a3e08ab963761
SHA512: 44043cdae43b0fe3e9c8a247e568925c5c8047fa425d61bfb428cb6376f9ba1d8bfa50b362657ca73a48c015f7fb1ea6b496a00d68473f6ee92eebbc17e5e236
SSDEEP: 98304:F0fI8YvciV+yBm0XA7HCOaYh5JTrQOdauaHaSZSxT+yq1Dc0:F0oxLA7HJaW5tbauFgSx4
Static task: static1
Behavioral task: behavioral1 (Sample: anon1.c.exe, Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: anon1.c.exe, Resource: win10v2004-20220812-en)
Malware Config
Extracted: raccoon
94c54520400750937a6f1bf6044f8667
http://194.37.80.221/
Extracted: systembc
45.15.156.48:4254
146.70.53.169:4254
Extracted: redline
Test1
45.15.156.48:8285
auth_value: 3ec6815aabd0bab316e997c1c7898294
Targets
Target: anon1.c.exe
Size: 6.3MB
MD5: ec54635cd5ecaf1b3bfeaac4ad54f360
SHA1: 78ce05e39cd35bb9f932dadf0d2dc7bb2783cb15
SHA256: 04d31c61d53359359e896db066a150f94321c1fd788a9ef7cb6a3e08ab963761
SHA512: 44043cdae43b0fe3e9c8a247e568925c5c8047fa425d61bfb428cb6376f9ba1d8bfa50b362657ca73a48c015f7fb1ea6b496a00d68473f6ee92eebbc17e5e236
SSDEEP: 98304:F0fI8YvciV+yBm0XA7HCOaYh5JTrQOdauaHaSZSxT+yq1Dc0:F0oxLA7HJaW5tbauFgSx4
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext