Resubmissions
08-04-2024 13:45
240408-q2dpsaae25 1021-11-2023 22:21
231121-196ewagh72 1021-11-2023 22:20
231121-183ycshf5y 1021-11-2023 22:06
231121-1z2c6sgh38 1027-08-2023 18:38
230827-w98ssaee5z 1001-06-2023 22:35
230601-2h4yeagg74 1021-04-2023 17:56
230421-whz2kahb76 1016-04-2023 14:28
230416-rtht7sad45 1016-04-2023 14:28
230416-rs4qaaca91 116-04-2023 14:22
230416-rpvyzaad38 10General
-
Target
106445763c386e992ded6aa68f37f2dd77272d6ea3c6fff34eb70c5ef094aa34
-
Size
1.2MB
-
Sample
230224-jegplaaf57
-
MD5
5b3b6822964b4151c6200ecd89722a86
-
SHA1
ce7a11dae532b2ade1c96619bbdc8a8325582049
-
SHA256
106445763c386e992ded6aa68f37f2dd77272d6ea3c6fff34eb70c5ef094aa34
-
SHA512
2f0d99af35c326cf46810c7421325deb55ae7ca36a8edc2716a3d32d9e6769e0d374581a98912e22fceeb6973e972463ed8b2fa4d4399043c443fa100dfd17b0
-
SSDEEP
24576:5yY4YriuQJ5X4SuIcmuBLahxwUzN1YyqoVKucvTNLF9:sY4FuIahGxRMoobNLF
Static task
static1
Behavioral task
behavioral1
Sample
106445763c386e992ded6aa68f37f2dd77272d6ea3c6fff34eb70c5ef094aa34.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
ronur
193.233.20.20:4134
-
auth_value
f88f86755a528d4b25f6f3628c460965
Extracted
redline
funka
193.233.20.20:4134
-
auth_value
cdb395608d7ec633dce3d2f0c7fb0741
Extracted
amadey
3.67
193.233.20.15/dF30Hn4m/index.php
Extracted
amadey
3.66
62.204.41.88/9vdVVVjsw/index.php
Extracted
redline
Hack
154.17.165.178:10377
-
auth_value
50233687e98ee274b44a32fcc741f9a4
Extracted
redline
Thomas
107.189.165.102:1919
-
auth_value
1a3e158dd21f084bceada6f65fc00a1c
Targets
-
-
Target
106445763c386e992ded6aa68f37f2dd77272d6ea3c6fff34eb70c5ef094aa34
-
Size
1.2MB
-
MD5
5b3b6822964b4151c6200ecd89722a86
-
SHA1
ce7a11dae532b2ade1c96619bbdc8a8325582049
-
SHA256
106445763c386e992ded6aa68f37f2dd77272d6ea3c6fff34eb70c5ef094aa34
-
SHA512
2f0d99af35c326cf46810c7421325deb55ae7ca36a8edc2716a3d32d9e6769e0d374581a98912e22fceeb6973e972463ed8b2fa4d4399043c443fa100dfd17b0
-
SSDEEP
24576:5yY4YriuQJ5X4SuIcmuBLahxwUzN1YyqoVKucvTNLF9:sY4FuIahGxRMoobNLF
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-