General
- Target: a517abf69af75cef34cc2db14981ea42b2ef4424c140e37363f80badb2353c6c.zip
- Size: 943B
- Sample: 230203-b6fmlshg33
- MD5: cdc031e5ba9bc2934c85c07e309fd785
- SHA1: 68334c5368aebd16e4e9ded0793df489eb94ad3b
- SHA256: fe691ec7c2a992948fe3bdd861ef9c93e49521cc7a310fae87dd61704b73904f
- SHA512: 82444bf09d2fc6c3553954ebcb7c1d66f5eff4ac08acd3d8d05c6c100da067e10841f60ecda8871b820d16f00d59bb3d6e59034344dd2d8234cb7cd991e7230c
Static task
- static1
Behavioral task
- behavioral1
- Sample: a517abf69af75cef34cc2db14981ea42b2ef4424c140e37363f80badb2353c6c.lnk
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- https://oiartzunirratia.eus/install/clean/Lcovlccdxd.exe
Extracted
- redline
- cheat
- 194.26.192.248:7053
Targets
- Target: a517abf69af75cef34cc2db14981ea42b2ef4424c140e37363f80badb2353c6c.lnk
- Size: 2KB
- MD5: ef7f9739337bc657cd0a63e32e27d0a1
- SHA1: bf67555a7272f24ceb57b1c49e4cf37dc17b246f
- SHA256: a517abf69af75cef34cc2db14981ea42b2ef4424c140e37363f80badb2353c6c
- SHA512: e3d0a14ac1b9165e75e619aa6f76058a4c799bb722abaeafac977c35f31ab10ad8c8a51c7f3828bb896cbf339f971974a4fb26421ba6aea52530ac84b7785ada
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext