General

Target: 93926c527f6cc9d97da4c4da846631d1.bin
Size: 975KB
Sample: 230322-b2zvpaeb87
MD5: ccf63e606a70e049326f948365a15f95
SHA1: 1fd4df92cd3ca3c00194e4b09e5580c01322b265
SHA256: 10f97c40e8b7c0d543b9f76786d9d21f8d0de1f9b5c842de087da99a317c8d45
SHA512: 3454bca7a55db4ed66ae7ce4c5b1c0844d5af2b258616809c44d03b0a63354678419ca82623db49569767b2e95b3be7f5ac73deee21eb2337b68c0461edb5ec5
SSDEEP: 24576:tRFN1gBRFeoiuYgku/nurOHFKVISr645c3gc3EbpNBnGrF:NN1oRFQ73+ureKVISr633gc3EbIrF
Static task: static1
Behavioral task: behavioral1
Sample: 0fe773f8991f891f930802f1d221f693f1a05c5229015abae6fcd17e736f8fdf.exe
Resource: win7-20230220-en
Malware Config

Extracted: redline
Botnet: gena
C2: 193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e

Extracted: redline
Botnet: relon
C2: 193.233.20.30:4125
auth_value: 17da69809725577b595e217ba006b869

Extracted: amadey
Version: 3.68
C2: 31.41.244.200/games/category/index.php
Targets

Target: 0fe773f8991f891f930802f1d221f693f1a05c5229015abae6fcd17e736f8fdf.exe
Size: 1.0MB
MD5: 93926c527f6cc9d97da4c4da846631d1
SHA1: adad5c1e8fb35dbd2a32019dd6cb988507ae685b
SHA256: 0fe773f8991f891f930802f1d221f693f1a05c5229015abae6fcd17e736f8fdf
SHA512: 6902a5c40fb0f63c37fd82e6123fa430c4e1d30779f182fb99dfa65a2b0442dcc90e4375c72af0628892c0f795204487827a6c527e4ced92cd760b4de7159439
SSDEEP: 24576:0FMLVx8+3HMS5SzD+6diF12Kobs7le9Gsc8A0FUQky9I6CuTJ:+KHp5S/+nl37leXnAikyG6CuT

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.