General

Target: SoftwareSetupFile.zip
Size: 3.6MB
Sample: 230103-wvbjqscc66
MD5: c5eb843a67ba2411ad4c33e5b665f1a0
SHA1: 3c409f1e2013bcce047c9100b40efd072622bbd2
SHA256: 662735f537c23f4f570b9018a69bcd5d9ca1c908ab5e390e90cfb08275107627
SHA512: 97b262208cc109b5656c3ac5dbaf7a7aa649e4c1cb85dcae3303d1be92e5083e14c1b3c0c916fc8ac03924fbc5ec7d7c7c27295f2c97c7d25e273d1308f15d39
SSDEEP: 98304:JBPd+DgsoHqzd6TdgzSWyagdbY120GrBa:5+UDKp6ZgrFgdM1Ea
Static task: static1

Behavioral task: behavioral1
Sample: SoftwareSetupFile.zip
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: Privacy Policу/AppXRuntime.xml
Resource: win7-20220812-en

Behavioral task: behavioral3
Sample: Privacy Policу/AuditSettings.xml
Resource: win7-20220901-en

Behavioral task: behavioral4
Sample: Privacy Policу/en-US/DFS.xml
Resource: win7-20220812-en

Behavioral task: behavioral5
Sample: Privacy Policу/en-US/DWM.xml
Resource: win7-20220812-en

Behavioral task: behavioral6
Sample: Privacy Policу/en-US/DeviceInstallation.xml
Resource: win7-20221111-en
Malware Config

Extracted: redline
Meta:
  109.205.214.6:81
  auth_value: ff920b9b3b34fa545260b11f0ece519d
Targets

Target: SoftwareSetupFile.zip
Score: 1/10

Target: Privacy Policу/AppXRuntime.admx
Size: 3KB
MD5: 88d794ea092ef395433cfa321d06e5e4
SHA1: f1f7c7dfbd04ac5a92cbde88bd4f087781d63c40
SHA256: 5afc969e4212a6511f307385c99b8868e8c873183dc271bbb95ba571b24eb53e
SHA512: ebb770102b8202de4bb7319cbc2cda860e4de5d1e95f0fbef4d4890aa2b22cd48cf73909d028a37b507926b4fad573716fba16e50b8f9eca8d5feab00ac17cca
Score: 1/10

Target: Privacy Policу/AuditSettings.admx
Size: 1KB
MD5: 9a36a7410b4ef98b36da553e050b9788
SHA1: 4ba6e5225a7c5daf30f4947b9288b708e8e557e8
SHA256: ebac316580540b7ee8e399f890470527e456f2c6a103fcc899f4b2442d8e69f7
SHA512: 7cd81f2bedde51bca3a1f5a0889870be71ef521e5c331f1c8ba4ce97bf604adfff6cafa0fe707ed55df62bc340c45baa189e3d07f20a466ee7254f3c6abe6b74
Score: 1/10

Target: Privacy Policу/en-US/DFS.adml
Size: 1KB
MD5: 59649458234fa8ec0fa1ccf6d1a1f000
SHA1: fa84dc8c633ac66d93c2cc4ca82973690cc01b06
SHA256: 7c621bdfa9aafbb72c6e3eaa6bd9dadb9b87b76ff3085c3ab85f94a4ba74148b
SHA512: 3dac7345cdf6e474ec6550890d2581e97ceccbdf3d6da446d0b4051600b81e66725e20e3905fc8ed051e00ae74b7899ecec073c828e776fb664731218f88e528
Score: 1/10

Target: Privacy Policу/en-US/DWM.adml
Size: 4KB
MD5: 8c0c1f2ac3237b8aa71f88a5650c0e68
SHA1: 8a39fc535339841cc7573b1dcff729cec8e54114
SHA256: 844bf77e54e0c353537b0d1349f0173049dd36c0cb64eaee900663cd0a227ab4
SHA512: c6f8ac395d011ec45ebf47812ebebf7e152db6a943566b744aa83b22529df07e3d0749d008b5f3a8a46953cccf39305966869e5efe502b1e727cf55ed7a05f4f
SSDEEP: 96:LeD5pm8i9yPYwH70day2JGkA5mZAOtfMtlV:E1i9Yn0zMA3G6
Score: 1/10

Target: Privacy Policу/en-US/DeviceInstallation.adml
Size: 20KB
MD5: b0d80e37838946a958789511d6090800
SHA1: e80ebc94d870b40e9925d9473e83438287a3df50
SHA256: ead0368b0ab7404addc0b8bd016e04d43c7a1e370a2875a6785863a53cc94095
SHA512: a13d7aa56fa39803b8cb441dd6907a0f06e2b89eb478b6c6d57687f0e154de44ef959411627c33d5652d096e439f6518c624a4f159189c8da7ad51370fb12ad3
SSDEEP: 384:/Zy2dT4b3O+5KeqO+cpm964BNLKsuV2r4tFHsAvRzw3g:/ZBub+EKebxpm97ODVy4rHb5EQ
Score: 1/10

Target: SoftwareSetuрFilе.exe
Size: 690.4MB
MD5: 95b35f12fb70251d52cc693e147133c0
SHA1: 1f8c5cc37c24f6ccec159de07edf3fc64104d66b
SHA256: 445990599534816991c6ccf1781763f855e1beff0f2d7f9305a95938edfafbcf
SHA512: a4dfd8e2b3a513425c427f0b131b139e6ff7a69eabd2b2edfbea63a3ceafe54d06163a395e160b64c1e3a2406439637c8addd57e154b7b8050daf940afea0d40
SSDEEP: 49152:WmVlA7GqB6/KWpXeJpyYmJdIiDix/TYLAbJMZnMw2tNn1Or/GtXEJ+GRgD6Vk3j8:18Na5XeJQpU/sLAKnMwoyXsm

RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2