General
Target: 5BDF181C629182A48CE6810CD0987FB0C1242DED4C9E7.exe
Size: 200KB
Sample: 230307-tf7yaaab3s
MD5: 03cb70c1e24b4ea666d9aa2c935e109e
SHA1: 76700221ed0f2ec68b07d0855ad046ab46e9bafb
SHA256: 5bdf181c629182a48ce6810cd0987fb0c1242ded4c9e73501df59481dbe6ec3a
SHA512: 41cc824f4e5c035f1d696b63bdcfeb097ed0566db66997fef929680fdc0aefa9c040ced879a8eb82dceb6102fad58b956d74560d2078d93c43003091f4bf140b
SSDEEP: 3072:taHIi1V71HVwJpXoNER6BuAurHMQlshQuQiFrtjrXf+gt:0GJp4i6isQa2uhFrtHW
Static task: static1
Behavioral task: behavioral1 (Sample: 5BDF181C629182A48CE6810CD0987FB0C1242DED4C9E7.exe; Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: 5BDF181C629182A48CE6810CD0987FB0C1242DED4C9E7.exe; Resource: win10v2004-20230220-en)
Malware Config
Extracted: gozi
Targets
Target: 5BDF181C629182A48CE6810CD0987FB0C1242DED4C9E7.exe (size and hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext