General
- Target: 07ff580e-3cfd-4c41-a92e-4ba534dd1a0a.lnk
- Size: 2KB
- Sample: 230202-hx9bwshc61
- MD5: ef7f9739337bc657cd0a63e32e27d0a1
- SHA1: bf67555a7272f24ceb57b1c49e4cf37dc17b246f
- SHA256: a517abf69af75cef34cc2db14981ea42b2ef4424c140e37363f80badb2353c6c
- SHA512: e3d0a14ac1b9165e75e619aa6f76058a4c799bb722abaeafac977c35f31ab10ad8c8a51c7f3828bb896cbf339f971974a4fb26421ba6aea52530ac84b7785ada
Static task
- static1
Behavioral task
- behavioral1: Sample 07ff580e-3cfd-4c41-a92e-4ba534dd1a0a.lnk, Resource win7-20220901-en
Behavioral task
- behavioral2: Sample 07ff580e-3cfd-4c41-a92e-4ba534dd1a0a.lnk, Resource win10v2004-20221111-en
Malware Config
- Extracted: https://oiartzunirratia.eus/install/clean/Lcovlccdxd.exe
- Extracted: redline, cheat, 194.26.192.248:7053
Targets
- Target: 07ff580e-3cfd-4c41-a92e-4ba534dd1a0a.lnk
- Size: 2KB
- MD5: ef7f9739337bc657cd0a63e32e27d0a1
- SHA1: bf67555a7272f24ceb57b1c49e4cf37dc17b246f
- SHA256: a517abf69af75cef34cc2db14981ea42b2ef4424c140e37363f80badb2353c6c
- SHA512: e3d0a14ac1b9165e75e619aa6f76058a4c799bb722abaeafac977c35f31ab10ad8c8a51c7f3828bb896cbf339f971974a4fb26421ba6aea52530ac84b7785ada
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext