General
- Target: SecuriteInfo.com.Win32.TrojanX-gen.20899.2520.exe
- Size: 600KB
- Sample: 230204-qsynlagg5v
- MD5: 3531a184849ac145c99db50e99d26c0d
- SHA1: ebe6e116e0a2fb2137a530e927530fa41fafca86
- SHA256: 436a9c0665714654628cc903f1152e1e98512a036546929530259d8860e1507b
- SHA512: cdf4b4fb41b54f16afb2c38a664f26deff0559edd7d72b49c347a025fc0d58c66dfda99d053c01bebd0863f9f01d9baa7ac98f7a1a35e8e6e79a773673afdec3
- SSDEEP: 6144:9bVLYR1JpsGYabPUgeTQeKyslV0q9IfHcN6CVDblIzFny0e/cp4MRa7Pa0whSayj:9bVU1rbaQisX0q9pzmZy0+va0RRao
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Win32.TrojanX-gen.20899.2520.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Win32.TrojanX-gen.20899.2520.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
- Family: redline
- Botnet: redko
- C2: 62.204.41.170:4179
- auth_value: 9bcf7b0620ff067017d66b9a5d80b547
Extracted
- Family: amadey
- Version: 3.66
- C2: 62.204.41.5/Bu58Ngs/index.php
Extracted
- Family: redline
- Botnet: temposs6678
- C2: 82.115.223.9:15486
- auth_value: af399e6a2fe66f67025541cf71c64313
Targets
- Target: SecuriteInfo.com.Win32.TrojanX-gen.20899.2520.exe
- Size: 600KB
- MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
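As an added example (not part of the sandbox report or of any vendor tooling), the Python script below turns the extracted RedLine and Amadey configuration and the Run-key persistence signature into a small set of checks and runs them over constructed Sysmon-style and proxy events. The IP:port pairs, the Amadey URL and the SHA256 are the ones listed on this page; the event field names, the SID, and the dropped-file path are assumptions made for the demo.

```python
import re

# Indicators taken from the "Malware Config / Extracted" section of this report.
REDLINE_C2 = {                     # (ip, port) -> botnet name
    ("62.204.41.170", 4179): "redko",
    ("82.115.223.9", 15486): "temposs6678",
}
AMADEY_C2_URL = "62.204.41.5/Bu58Ngs/index.php"   # Amadey 3.66; no scheme or port in the extract
SAMPLE_SHA256 = "436a9c0665714654628cc903f1152e1e98512a036546929530259d8860e1507b"

# Registry locations behind the "Adds Run key to start application" signature
# (Run and RunOnce under HKLM, HKCU or HKU\<SID>).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def split_c2_url(url):
    """'host/path' -> (host, '/path') for a scheme-less C2 like the Amadey one above."""
    host, _, path = url.partition("/")
    return host, "/" + path


AMADEY_HOST, AMADEY_PATH = split_c2_url(AMADEY_C2_URL)


def check_event(ev):
    """Return [(tag, detail), ...] for one event dict.

    Field names follow Sysmon (Hashes/Image from ID 1, DestinationIp/Port from
    ID 3, TargetObject from ID 13); 'Url' is assumed to come from a proxy log."""
    findings = []
    if "SHA256=" + SAMPLE_SHA256.upper() in ev.get("Hashes", "").upper():
        findings.append(("known_sample", ev.get("Image", "")))
    if "DestinationIp" in ev:
        sock = (ev["DestinationIp"], int(ev.get("DestinationPort", 0)))
        if sock in REDLINE_C2:
            findings.append(("redline_c2", f"{sock[0]}:{sock[1]} botnet={REDLINE_C2[sock]}"))
        if sock[0] == AMADEY_HOST:          # port unknown from the config, so match the host only
            findings.append(("amadey_c2_host", sock[0]))
    if RUN_KEY_RE.search(ev.get("TargetObject", "")):
        findings.append(("run_key_persistence", ev["TargetObject"]))
    if AMADEY_PATH in ev.get("Url", ""):    # the path is the most specific Amadey indicator
        findings.append(("amadey_c2_path", ev["Url"]))
    return findings


def scan(events):
    """Run check_event over a list of events; returns (index, tag, detail) triples."""
    return [(i, tag, detail) for i, ev in enumerate(events) for tag, detail in check_event(ev)]


# Constructed telemetry for the demo (not from the report); the SID and the
# dropped-file name are illustrative.
SAMPLE_PATH = r"C:\Users\user\AppData\Local\Temp\SecuriteInfo.com.Win32.TrojanX-gen.20899.2520.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE_PATH,
     "Hashes": "SHA256=436A9C0665714654628CC903F1152E1E98512A036546929530259D8860E1507B"},
    {"EventID": 3, "Image": SAMPLE_PATH, "DestinationIp": "62.204.41.170", "DestinationPort": "4179"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe", "DestinationIp": "8.8.8.8", "DestinationPort": "53"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
    {"Url": "http://62.204.41.5/Bu58Ngs/index.php", "DestinationIp": "62.204.41.5", "DestinationPort": "80"},
]

if __name__ == "__main__":
    for i, tag, detail in scan(SAMPLE_EVENTS):
        print(f"event[{i}] {tag}: {detail}")
```

Two caveats worth keeping in mind when reusing this: the Amadey config gives a URL without a port, so the network match is on the host IP alone and the URL path match is the higher-confidence signal; and the two registry-read behaviours in the report (the country-code lookup and the Uninstall key enumeration) are reads, which Sysmon does not record (it logs key create/delete, value set and rename), so hunting for those needs sandbox or EDR telemetry that captures registry queries.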