General
- Target: ad1d5475d737c09e3c48f7996cd407c992c1bb5601bcc6c6287eb80cde3d852b
- Size: 235KB
- Sample: 230123-empmysbf62
- MD5: ebd584e9c1a400cd5d4bafa0e7936468
- SHA1: d263c62902326425ed17855d49d35003abcd797b
- SHA256: ad1d5475d737c09e3c48f7996cd407c992c1bb5601bcc6c6287eb80cde3d852b
- SHA512: e94b7bca0258e2f2fd374898c87196587311af4aa20f1197ef8d0fddcdc098fdd0096152d27b49cbe21a3527624339fe0c806c7aa4ea6c80b76764ee2245a010
- SSDEEP: 6144:pLUoeyDABOdDubDXqgraG0JzSRuVyL+VYLQqgE:plu0LgwJ4uVyaVqJ
Behavioral task: behavioral1
- Sample: ad1d5475d737c09e3c48f7996cd407c992c1bb5601bcc6c6287eb80cde3d852b.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: ad1d5475d737c09e3c48f7996cd407c992c1bb5601bcc6c6287eb80cde3d852b.exe
- Resource: win10-20220812-en
Malware Config
Extracted: amadey 3.66
- 62.204.41.88/9vdVVVjsw/index.php
Extracted: redline, tanos
- 62.204.41.159:4062
- auth_value: bcb77cd67cf9918d25e4b6ae210a9305
Extracted: redline, @REDLINEVIP Cloud (TG: @FATHEROFCARDERS)
- 151.80.89.233:13553
- auth_value: fbee175162920530e6bf470c8003fa1a
Extracted: redline, buggy
- 62.204.41.159:4062
- auth_value: f3bd7e0e0304fca899cd8bf6146ba4b3
Extracted: amadey 3.65
- hellomr.observer/7gjD0Vs3d/index.php
- researchersgokick.rocks/7gjD0Vs3d/index.php
- pleasetake.pictures/7gjD0Vs3d/index.php
- 77.73.134.27/8bmdh3Slb2/index.php
Extracted: redline, test1
- 142.202.242.197:35704
- auth_value: c885160a503c10a4d67fd1c2cf98f250
Extracted: vidar 2.1, 701
- https://t.me/jetbim2
- https://steamcommunity.com/profiles/76561199471266194
- profile_id: 701
Extracted: redline, slava
- 81.161.229.143:26910
- auth_value: 1fa3bcfe9f552d4efe7e265b42c3ebff
Extracted: redline, installs
- 194.226.121.225:12286
- auth_value: 10c13a3b351febb59871b098a09396b8
Targets
- Target: ad1d5475d737c09e3c48f7996cd407c992c1bb5601bcc6c6287eb80cde3d852b (235KB; hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext