General
Target: fb232598f7ecf83db155b07c5865daa58d9c9c380042e774d65c6a9072df7ac5
Size: 643KB
Sample: 230206-mqqnesgg6y
MD5: 0c2a89b5d2c2917f2c27e649341ad7a2
SHA1: 02d28ef3d501b0fe984122095b65f825e5b0308f
SHA256: fb232598f7ecf83db155b07c5865daa58d9c9c380042e774d65c6a9072df7ac5
SHA512: a70c89e0f81fe6cf340d7c3d0b00bbac04a63ebe73c16f981f5f0cfa4b41ae5f7d24a407776c1c2e6633087e61a8abe54d5521424d620227f7f8e1e1ab88fa69
SSDEEP: 12288:IMrwy90QtSYchV0Btc52dEyi87egv/pjtoQCVETuW2mw08J6wD6:oy/SVV+9NnLo/VETHO0s6we
Static task: static1
Behavioral task: behavioral1
Sample: fb232598f7ecf83db155b07c5865daa58d9c9c380042e774d65c6a9072df7ac5.exe
Resource: win10-20220812-en
Malware Config
Extracted: redline
  bilod
  193.233.20.7:4138
  auth_value: 407a8c8d5a1f9a3348afc8c6b0155512
Extracted: amadey
  3.66
  62.204.41.5/Bu58Ngs/index.php
Targets
Target: fb232598f7ecf83db155b07c5865daa58d9c9c380042e774d65c6a9072df7ac5
Size: 643KB
MD5: 0c2a89b5d2c2917f2c27e649341ad7a2
SHA1: 02d28ef3d501b0fe984122095b65f825e5b0308f
SHA256: fb232598f7ecf83db155b07c5865daa58d9c9c380042e774d65c6a9072df7ac5
SHA512: a70c89e0f81fe6cf340d7c3d0b00bbac04a63ebe73c16f981f5f0cfa4b41ae5f7d24a407776c1c2e6633087e61a8abe54d5521424d620227f7f8e1e1ab88fa69
SSDEEP: 12288:IMrwy90QtSYchV0Btc52dEyi87egv/pjtoQCVETuW2mw08J6wD6:oy/SVV+9NnLo/VETHO0s6we
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.