General
-
Target
af2709ee8742f5a5f3f6c72acd909c0d.exe
-
Size
1.0MB
-
Sample
230319-ng577aab8s
-
MD5
af2709ee8742f5a5f3f6c72acd909c0d
-
SHA1
123a8127d8f4c28fab018c7564856c6e72df9642
-
SHA256
f2d99e7d3c59adf52afe0302b298c7d8ea023e9338c2870f74f11eaa0a332fc4
-
SHA512
54bdbdcffe98c6dc885d229554bbb6096a2217e4a13b24c8dff9bf4880741ae6715b2212df70ab8e3826950d8a41a4374bf0000d43822b71fe61b9513d1164d4
-
SSDEEP
24576:FylAhR62PcG6kpyzSjJVW2F1ZdIs3VK6QcyxRcl:glUR62PcG6kLVW0IKVKdcyDc
Static task
static1
Behavioral task
behavioral1
Sample
af2709ee8742f5a5f3f6c72acd909c0d.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
gena
193.233.20.30:4125
-
auth_value
93c20961cb6b06b2d5781c212db6201e
Extracted
redline
vint
193.233.20.30:4125
-
auth_value
fb8811912f8370b3d23bffda092d88d0
Extracted
amadey
3.68
62.204.41.87/joomla/index.php
Targets
-
-
Target
af2709ee8742f5a5f3f6c72acd909c0d.exe
-
Size
1.0MB
-
MD5
af2709ee8742f5a5f3f6c72acd909c0d
-
SHA1
123a8127d8f4c28fab018c7564856c6e72df9642
-
SHA256
f2d99e7d3c59adf52afe0302b298c7d8ea023e9338c2870f74f11eaa0a332fc4
-
SHA512
54bdbdcffe98c6dc885d229554bbb6096a2217e4a13b24c8dff9bf4880741ae6715b2212df70ab8e3826950d8a41a4374bf0000d43822b71fe61b9513d1164d4
-
SSDEEP
24576:FylAhR62PcG6kpyzSjJVW2F1ZdIs3VK6QcyxRcl:glUR62PcG6kLVW0IKVKdcyDc
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-