General
Target: 88679719d58df0cc5f8b69c2c6d672cdcc851f4e29755e5f491a960b2adb4907
Size: 251KB
Sample: 221112-bevmfsfg4y
MD5: 1ebd94bb4f9585406016a1df35801037
SHA1: be5aa367dd6923ac4d2d292202b0ccc5359e707e
SHA256: 88679719d58df0cc5f8b69c2c6d672cdcc851f4e29755e5f491a960b2adb4907
SHA512: bc7ae9fc720870bede145633615953803bb6b7d6ac85d609753e6d43deb1d2ad604e240ca8a957988ed2bf2960ffb7695f1b3bad5c1e705b6333d0b3b82eaff6
SSDEEP: 6144:N53Lwwz0/mLCAVX7GZ09IwsvlzVkufEZse4gKt:N53Lwwz0/mmAVXKS+tBZ8ZsehK
Static task: static1
Behavioral task: behavioral1
Sample: 88679719d58df0cc5f8b69c2c6d672cdcc851f4e29755e5f491a960b2adb4907.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: redline
Botnet: boy
C2: 77.73.134.241:4691
auth_value: a91fa8cc2cfaefc42a23c03faef44bd3
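The file hashes and the C2 endpoint above are the indicators a responder would push into hunting. The following is an added example, not part of the original sandbox report: it streams a file through the report's four hash algorithms, matches the digests against the indicator set, and scans a connection log for sessions to the extracted C2 host and port. The hash values and the C2 address are copied from the report; the connection-log line format, the sample log lines and the file contents are constructed for the demonstration.

```python
"""Match the file-hash and C2 indicators from this report against local data.

Added example, not part of the original sandbox report. The hash values and the
C2 endpoint are copied from the report; the sample bytes and the connection-log
format used below are constructed for demonstration and are not from the report.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the report's General section and extracted config.
FILE_HASHES: Dict[str, str] = {
    "md5": "1ebd94bb4f9585406016a1df35801037",
    "sha1": "be5aa367dd6923ac4d2d292202b0ccc5359e707e",
    "sha256": "88679719d58df0cc5f8b69c2c6d672cdcc851f4e29755e5f491a960b2adb4907",
    "sha512": "bc7ae9fc720870bede145633615953803bb6b7d6ac85d609753e6d43deb1d2ad"
              "604e240ca8a957988ed2bf2960ffb7695f1b3bad5c1e705b6333d0b3b82eaff6",
}
C2_HOST = "77.73.134.241"
C2_PORT = 4691


def hash_bytes(data: bytes, algorithms: Iterable[str]) -> Dict[str, str]:
    """Return hex digests of data for each named hashlib algorithm."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def hash_file(path: str, algorithms: Iterable[str], chunk: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all requested hashes at once without loading it whole."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests: Dict[str, str], iocs: Dict[str, str] = FILE_HASHES) -> List[str]:
    """Names of the algorithms whose digest equals the indicator (case-insensitive)."""
    return [name for name, value in iocs.items()
            if name in digests and digests[name].lower() == value.lower()]


# Constructed connection-log line format (not a real product's format):
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
CONN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)


def find_c2_connections(lines: Iterable[str], host: str = C2_HOST,
                        port: int = C2_PORT) -> List[Tuple[str, str]]:
    """Return (timestamp, source IP) for every line whose destination is the C2 host:port."""
    hits = []
    for line in lines:
        m = CONN_RE.match(line.strip())
        if m and m["dst"] == host and int(m["dport"]) == port:
            hits.append((m["ts"], m["src"]))
    return hits


# Constructed sample log; 203.0.113.5 is a documentation address, not an indicator.
SAMPLE_LOG = [
    "2022-11-12T10:01:07Z 10.0.0.15:49712 -> 77.73.134.241:4691 tcp",
    "2022-11-12T10:01:09Z 10.0.0.15:49713 -> 203.0.113.5:443 tcp",
    "2022-11-12T10:02:30Z 10.0.0.22:50120 -> 77.73.134.241:80 tcp",
    "2022-11-12T10:03:44Z 10.0.0.31:50442 -> 77.73.134.241:4691 tcp",
]

if __name__ == "__main__":
    # A file that is not the sample matches none of the report's hashes.
    print(match_hashes(hash_bytes(b"not the sample", FILE_HASHES)))
    # Two hosts talked to the C2 port; the port-80 session to the same IP is reported separately if wanted.
    print(find_c2_connections(SAMPLE_LOG))
```

Matching on the full host:port pair keeps the check tight to the extracted config; if the operator reuses the host on other ports, drop the port comparison and treat any traffic to 77.73.134.241 as suspect.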
Targets
Target: 88679719d58df0cc5f8b69c2c6d672cdcc851f4e29755e5f491a960b2adb4907
Size: 251KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General.
- Detect Amadey credential stealer module
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
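Three of the behaviours above (the Run key write, the Uninstall key enumeration and the country-code lookup) are visible purely as registry operations, so they can be reproduced from a process trace. The following is an added example, not part of the original report or of the sandbox's own signature logic: it maps registry operations from a trace to the report's signature names. The signature names are the report's; the registry paths each one is matched against (the CurrentVersion\Run key, the CurrentVersion\Uninstall subtree, and the Nation value under Control Panel\International\Geo, where Windows stores the configured GeoID) and the trace record format are this example's own assumptions, and the trace itself is constructed.

```python
"""Map registry operations from a process trace to the behaviours listed in the report.

Added example, not part of the original sandbox report. The signature names are the
report's; which registry paths each one keys on, and the trace format, are this
example's assumptions (a sandbox or EDR may match on other paths). The trace is constructed.
"""
import re
from collections import defaultdict
from typing import Any, Dict, Iterable, List, Optional

# Well-known registry locations assumed to back each signature.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
UNINSTALL_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.IGNORECASE)

# A Run-key *write* is persistence; a Run-key *read* is not (many legitimate tools read it).
WRITE_OPS = {"RegSetValue"}
READ_OPS = {"RegQueryValue", "RegEnumKey", "RegEnumValue", "RegOpenKey"}


def classify(event: Dict[str, Any]) -> Optional[str]:
    """Return the report signature a single registry operation corresponds to, if any."""
    op, key, value = event["op"], event["key"], event.get("value", "")
    if op in WRITE_OPS and RUN_KEY.search(key):
        return "Adds Run key to start application"
    if op in READ_OPS and UNINSTALL_KEY.search(key):
        return "Checks installed software on the system"
    if op in READ_OPS and GEO_KEY.search(key) and value.lower() == "nation":
        return "Checks computer location settings"
    return None


def summarize(events: Iterable[Dict[str, Any]]) -> Dict[str, List[int]]:
    """Signature name -> sorted list of PIDs that triggered it."""
    hits = defaultdict(set)
    for e in events:
        sig = classify(e)
        if sig:
            hits[sig].add(e["pid"])
    return {sig: sorted(pids) for sig, pids in hits.items()}


# Constructed trace records (pid, op, key, value); not taken from the report.
TRACE = [
    {"pid": 4120, "op": "RegOpenKey", "key": r"HKCU\Control Panel\International\Geo"},
    {"pid": 4120, "op": "RegQueryValue", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"pid": 4120, "op": "RegEnumKey", "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 4120, "op": "RegQueryValue",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A1B2}", "value": "DisplayName"},
    {"pid": 5236, "op": "RegSetValue", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "Updater"},
    # A read of the Run key is deliberately not counted as persistence.
    {"pid": 5236, "op": "RegQueryValue", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "OneDrive"},
    {"pid": 5236, "op": "RegQueryValue", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "value": "Shell"},
]

if __name__ == "__main__":
    for sig, pids in summarize(TRACE).items():
        print(f"{sig}: pids {pids}")
```

The Geo check only fires on the Nation value rather than on any access to the Geo key, because the key is opened by plenty of benign locale-aware code; the geofence tell is the process reading the configured country and then deciding whether to run.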