General
Target: 9b9c37b5fae86ed23becb1bbfacd382a78078857a5a4cb48e5cd81780139769b
Size: 252KB
Sample: 221115-nypa1ahe6t
MD5: 25c9dd1438c634f99da6bb9ef4421db0
SHA1: 9eecbe1a7d402f66694f466b4b4c89f3e2751774
SHA256: 9b9c37b5fae86ed23becb1bbfacd382a78078857a5a4cb48e5cd81780139769b
SHA512: 2c70dfc5c352a521cf10425f87d903e284376c36efa38de150e4389ad4148b107137a1ddc47569ffd3f6566a72e73e89b9a30c2fe0afcd2a672bdc8a496f2f07
SSDEEP: 3072:GslCU05dYkPSV6YzFjWty4Ea+cEi+eTVP1+n26Me1QQ9O+6OTsIGMOtRz:MrYYQDf44TeZ1+nL1JO+7Kt
Static task: static1
Behavioral task: behavioral1
Sample: 9b9c37b5fae86ed23becb1bbfacd382a78078857a5a4cb48e5cd81780139769b.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted family: redline
Botnet: boy
C2: 77.73.134.241:4691
auth_value: a91fa8cc2cfaefc42a23c03faef44bd3
Targets
Target: 9b9c37b5fae86ed23becb1bbfacd382a78078857a5a4cb48e5cd81780139769b (252KB; hashes as listed under General)
Signatures
- Detect Amadey credential stealer module (this detection fired alongside the RedLine config extraction above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
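Host-side check for the indicators in this report, as an added example: the following PowerShell triage script was written for this page and is not code from the sandbox report or from any tool it names. It uses the report's SHA256, the extracted C2 address and port, and the Run-key persistence behaviour listed above; the registry paths, the directory list, the 1MB size filter and the output format are this script's own assumptions. The geofence lookup and the Uninstall-key enumeration leave no durable artefact on disk, so they are not checked here.

```powershell
# Added host-triage script (not part of the sandbox report). Run in an elevated
# PowerShell on the host being checked. Indicators are copied from the report;
# everything else (paths, filters, output) is an assumption of this script.

$Ioc = @{
    SHA256 = '9b9c37b5fae86ed23becb1bbfacd382a78078857a5a4cb48e5cd81780139769b'
    C2Ip   = '77.73.134.241'
    C2Port = 4691
}
$Findings = [System.Collections.Generic.List[string]]::new()
# Provider metadata that Get-ItemProperty attaches to every key; not Run entries.
$ProviderProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# 1. Run-key persistence (signature: "Adds Run key to start application").
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($Key in $RunKeys) {
    if (-not (Test-Path $Key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $Key).PSObject.Properties) {
        if ($ProviderProps -contains $p.Name) { continue }
        $Cmd = [string]$p.Value
        # Executable = quoted path, or the first token of an unquoted command line.
        $Exe = if ($Cmd -match '^"([^"]+)"') { $Matches[1] } else { ($Cmd -split '\s+')[0] }
        $Exe = [Environment]::ExpandEnvironmentVariables($Exe)
        if (-not [IO.Path]::IsPathRooted($Exe)) {
            # Bare names such as rundll32.exe resolve through PATH.
            $Resolved = Get-Command $Exe -ErrorAction SilentlyContinue
            if ($Resolved) { $Exe = $Resolved.Source }
        }
        if (-not (Test-Path -LiteralPath $Exe -PathType Leaf)) {
            $Findings.Add("Run entry '$($p.Name)' in $Key points at a missing file: $Cmd")
            continue
        }
        $Sha = (Get-FileHash -LiteralPath $Exe -Algorithm SHA256).Hash.ToLower()
        if ($Sha -eq $Ioc.SHA256) {
            $Findings.Add("MATCH: Run entry '$($p.Name)' in $Key launches the reported sample ($Exe)")
        }
    }
}

# 2. Live connection to the extracted C2 (signature: "Blocklisted process makes network request").
# Only visible while the stealer process is still alive; the Run key above is the durable indicator.
$Conns = Get-NetTCPConnection -RemoteAddress $Ioc.C2Ip -ErrorAction SilentlyContinue |
    Where-Object { $_.RemotePort -eq $Ioc.C2Port }
foreach ($c in $Conns) {
    $Proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $Findings.Add("MATCH: PID $($c.OwningProcess) ($($Proc.ProcessName)) -> $($c.RemoteAddress):$($c.RemotePort) [$($c.State)]")
}

# 3. Hash sweep of common drop locations (assumed list). The sample is 252KB, so
# files over 1MB are skipped to keep the sweep quick.
$Dirs = @("$env:TEMP", "$env:APPDATA", "$env:LOCALAPPDATA\Temp", "$env:USERPROFILE\Downloads")
Get-ChildItem -Path $Dirs -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    Where-Object { $_.Length -lt 1MB } |
    ForEach-Object {
        $h = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToLower()
        if ($h -eq $Ioc.SHA256) { $Findings.Add("MATCH: $($_.FullName) has the reported SHA256") }
    }

if ($Findings.Count -eq 0) { 'No indicators from this report found.' } else { $Findings }
```

A "missing file" finding on a Run entry is not a match by itself, but a Run value pointing at a file that no longer exists is worth a look on a host where the stealer may have run and cleaned up, since the persistence entry outlives the dropped payload.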