General
- Target: 453abdd9bf3631ef067fb27b3a66be88c80c7f8b13b3d845fb1a2ff3f15f09d3
- Size: 252KB
- Sample: 221112-d6ndkade35
- MD5: 6b2c68d8b139c309606fb2b0e8bc805e
- SHA1: fefe4f1234d26f20bac6fdb7d293d065e2b06e48
- SHA256: 453abdd9bf3631ef067fb27b3a66be88c80c7f8b13b3d845fb1a2ff3f15f09d3
- SHA512: 162e1d6e878f05990632cf83fc8277b820e1dd8776f93637f2d6caafb8b755e24b62f73b98d6047c7c6af1fa587d160d1faef514bebf4f923a39fd8d59d0c4da
- SSDEEP: 6144:VBudS4ksL/mtFFrQHeXshKPcv/WDwp7VTqoIUylZY:VBudS4TDmtFFrJXsq6pTqorN

Static task: static1
Behavioral task: behavioral1
Sample: 453abdd9bf3631ef067fb27b3a66be88c80c7f8b13b3d845fb1a2ff3f15f09d3.exe
Resource: win10v2004-20220901-en

Malware Config
Extracted
- Family: redline
- Botnet: boy
- C2: 77.73.134.241:4691
- auth_value: a91fa8cc2cfaefc42a23c03faef44bd3

Targets
- Target: 453abdd9bf3631ef067fb27b3a66be88c80c7f8b13b3d845fb1a2ff3f15f09d3
- Size: 252KB
- MD5: 6b2c68d8b139c309606fb2b0e8bc805e
- SHA1: fefe4f1234d26f20bac6fdb7d293d065e2b06e48
- SHA256: 453abdd9bf3631ef067fb27b3a66be88c80c7f8b13b3d845fb1a2ff3f15f09d3
- SHA512: 162e1d6e878f05990632cf83fc8277b820e1dd8776f93637f2d6caafb8b755e24b62f73b98d6047c7c6af1fa587d160d1faef514bebf4f923a39fd8d59d0c4da
- SSDEEP: 6144:VBudS4ksL/mtFFrQHeXshKPcv/WDwp7VTqoIUylZY:VBudS4TDmtFFrJXsq6pTqorN
- Detect Amadey credential stealer module
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.