General
-
Target
0d866ee6b07e3b9bcd19a12c6b93f015d82093acc0ccf1af1741140f558177c4
-
Size
251KB
-
Sample
221112-as7y9scf34
-
MD5
ed18664b78f1ff6e183b628c904ea014
-
SHA1
3f0e28c7fba3fd1fb2d054086be880115ab9ed8a
-
SHA256
0d866ee6b07e3b9bcd19a12c6b93f015d82093acc0ccf1af1741140f558177c4
-
SHA512
61bc65dca3cd5d00cc576811b33dd3678d4e619e364c355acecc19b49623309163283416a24b93038967c09cff6a003536fa0984246ee4bfd2221b152dd973e6
-
SSDEEP
6144:G50cgOwSgDmL4Cw/knHFzCvDEVo9uuQgb6:G50cgOwSgmkCw/kHFm4u0uZb6
Static task
static1
Behavioral task
behavioral1
Sample
0d866ee6b07e3b9bcd19a12c6b93f015d82093acc0ccf1af1741140f558177c4.exe
Resource
win10-20220901-en
Malware Config
Extracted
Family
redline
Botnet
boy
C2
77.73.134.241:4691
-
Attributes
auth_value
a91fa8cc2cfaefc42a23c03faef44bd3
Targets
-
Target
0d866ee6b07e3b9bcd19a12c6b93f015d82093acc0ccf1af1741140f558177c4
-
Detect Amadey credential stealer module
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
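Added example (not part of the sandbox report): a Python script that turns the indicators above into offline checks. It embeds the report's four hashes and the extracted RedLine C2 (77.73.134.241:4691), verifies a file or byte string against them, and applies three detections to Sysmon-style events: the sample's process creation (EID 1, matched by the Hashes field), the C2 connection (EID 3) and the Run-key persistence (EID 13). The events, the file path and the Run value name are constructed for the demonstration. Sysmon does not log registry reads, so the Uninstall-key enumeration has no event-based rule here; it is visible only in the sandbox or with an API-level monitor.

```python
"""Offline triage checks built from this report's indicators.

Added example, not part of the sandbox report. Indicators are copied from
the report; all events below are constructed, not taken from the run.
"""
import hashlib
import re
from dataclasses import dataclass

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "ed18664b78f1ff6e183b628c904ea014",
    "sha1": "3f0e28c7fba3fd1fb2d054086be880115ab9ed8a",
    "sha256": "0d866ee6b07e3b9bcd19a12c6b93f015d82093acc0ccf1af1741140f558177c4",
    "sha512": "61bc65dca3cd5d00cc576811b33dd3678d4e619e364c355acecc19b49623309163283416a24b93038967c09cff6a003536fa0984246ee4bfd2221b152dd973e6",
}
C2_IP, C2_PORT = "77.73.134.241", 4691
REDLINE_AUTH_VALUE = "a91fa8cc2cfaefc42a23c03faef44bd3"  # config attribute; usable as a memory-string IOC

# A value written directly under ...\CurrentVersion\Run (HKCU or HKLM, case-insensitive).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)


def hash_bytes(data: bytes) -> dict:
    """Digest data with the same four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Same digests, streamed from disk, for checking a real file against the report."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests: dict) -> bool:
    """Identity is decided on SHA-256 only; MD5/SHA-1 are listed but not trusted alone."""
    return digests.get("sha256", "").lower() == REPORT_HASHES["sha256"]


def parse_sysmon_hashes(field: str) -> dict:
    """Parse Sysmon's 'SHA256=..,MD5=..' Hashes field into {algo: lowercase hex}."""
    out = {}
    for part in field.split(","):
        algo, _, value = part.partition("=")
        if value:
            out[algo.strip().lower()] = value.strip().lower()
    return out


@dataclass
class Hit:
    rule: str
    event: dict


def check_events(events) -> list:
    """Apply the three detections to Sysmon-like event dicts (EID 1, 3, 13)."""
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1 and matches_report(parse_sysmon_hashes(ev.get("Hashes", ""))):
            hits.append(Hit("sample_process_created", ev))
        elif (eid == 3 and ev.get("DestinationIp") == C2_IP
              and int(ev.get("DestinationPort", 0)) == C2_PORT):
            hits.append(Hit("redline_c2_connection", ev))
        elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append(Hit("run_key_persistence", ev))
    return hits


# Constructed events for the demonstration (hypothetical path, SID and value name).
SAMPLE_PATH = r"C:\Users\user\Downloads\0d866ee6b07e3b9bcd19a12c6b93f015d82093acc0ccf1af1741140f558177c4.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE_PATH,
     "Hashes": f"SHA256={REPORT_HASHES['sha256'].upper()},MD5={REPORT_HASHES['md5'].upper()}"},
    {"EventID": 3, "Image": SAMPLE_PATH, "DestinationIp": C2_IP, "DestinationPort": "4691"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": "443"},  # benign, should not fire
    {"EventID": 13, "Image": SAMPLE_PATH,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": SAMPLE_PATH},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\RunMRU\MRUList",
     "Details": "a"},  # RunMRU is not the Run key, should not fire
]

if __name__ == "__main__":
    for hit in check_events(SAMPLE_EVENTS):
        print(f"{hit.rule}: {hit.event.get('Image')}")
```

Run the script as-is to see the three hits; to check a real file, call hash_file(path) and pass the result to matches_report. The C2 rule keys on IP and port together because the report gives both; a looser IP-only rule will also catch reconfigured builds on the same host but at the cost of more noise.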