General
- Target: jre-8u351-windows.exe
- Size: 677.7MB
- Sample: 221123-bj98psaf51
- MD5: fb437fbaea26872ddc2b2d6cc9c99b7e
- SHA1: 94e4dfee270b2a9a3d7922e62d864cf14815fc42
- SHA256: 1f22ccc2ea38b1e6134ba8d90f5bf890b921689f97f8aefbfa7b6a96dd774940
- SHA512: aab970cec7da9e163b0e80bb3d5a4fd774879f664d510a9b7c1f54eab01191e24076a6f3afc3c9e122ba5179cbb6d4d6b4971ec4cd7906cb8c6813fb34b59567
- SSDEEP: 3072:kahKyd2n31j95tgZ6uuPFWQyKKKK3BbddJL:kahON4YPFaJ

Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: jre-8u351-windows.exe; Resource: win7-20221111-en)
- Behavioral task: behavioral2 (Sample: jre-8u351-windows.exe; Resource: win10v2004-20221111-en)

Malware Config
- Extracted: redline
- Botnet: 22
- C2: 194.62.42.182:9697
- auth_value: f346b477bf47eb4a5121a5288e53a759

Targets
- Target: jre-8u351-windows.exe
- Size: 677.7MB
- MD5: fb437fbaea26872ddc2b2d6cc9c99b7e
- SHA1: 94e4dfee270b2a9a3d7922e62d864cf14815fc42
- SHA256: 1f22ccc2ea38b1e6134ba8d90f5bf890b921689f97f8aefbfa7b6a96dd774940
- SHA512: aab970cec7da9e163b0e80bb3d5a4fd774879f664d510a9b7c1f54eab01191e24076a6f3afc3c9e122ba5179cbb6d4d6b4971ec4cd7906cb8c6813fb34b59567
- SSDEEP: 3072:kahKyd2n31j95tgZ6uuPFWQyKKKK3BbddJL:kahON4YPFaJ

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext