General

Target: setup.exe
Size: 375KB
Sample: 230322-beek8sea36
MD5: 1f0174e2d02b28db502c569a2fb76a51
SHA1: ae31c40d998421c5a70038be8902562045f5040c
SHA256: f398fa0c9e5e3256f3f654b6cf87b7893a648f472d745e48a3521fc49fe0ae36
SHA512: 71bd09c0ea72a5bc61e88e25965480556fa31fd417d4ad5b133615f5c13380582c5630215bb64c79c3f6dc697189d12031e678c1ccc0d19f3bd56fe65059a502
SSDEEP: 6144:KLy+bnr+Gp0yN90QEyU9s3ePRj1RlXMQCbGFYjwOh46iGGkyPvX0z3ILTqFx5dQW:hMryy90NsOl8QWslSyk7NFx5dQW
Static task: static1

Behavioral task: behavioral1
Sample: setup.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: setup.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
Botnet: sint
C2: 193.233.20.31:4125
auth_value: 9d9b763b4dcfbff1c06ef4743cc0399e

Extracted: amadey
Version: 3.68
C2: 62.204.41.87/joomla/index.php

Extracted: aurora
C2: 212.87.204.93:8081
Targets

Target: setup.exe
Size: 375KB
Hashes: identical to the General section above (MD5 1f0174e2d02b28db502c569a2fb76a51, SHA256 f398fa0c9e5e3256f3f654b6cf87b7893a648f472d745e48a3521fc49fe0ae36)
- RedLine: RedLine Stealer is a malware family written in C#, first seen in early 2020.
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, most likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
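The extracted C2 endpoints in the Malware Config section and the behavioural signatures listed for the target are most useful once they become detection logic. What follows is an added example, not part of the sandbox report and not code from RedLine, Amadey or Aurora: a small Python triage that turns the report's network indicators, sample hashes and three of the registry-based signatures into rules and runs them over constructed host telemetry. Everything beyond the report's own values is an assumption made for the example: the registry paths behind the signatures (the CurrentVersion\Run keys, Control Panel\International\Geo\Nation, the Uninstall tree), the guess that Amadey's URL is reached over plain HTTP on port 80, the event shape, the threshold for Uninstall enumeration, and the sample events themselves.

```python
"""Detection logic built from the sandbox report's extracted config and
behavioural signatures, run over constructed host telemetry.

Added example; it is not part of the sandbox report and not code from any
of the malware families named in it."""
import re
from collections import defaultdict

# Network indicators copied from the report's "Malware Config" section.
# Amadey's C2 is a URL without a port; plain HTTP on 80 is an assumption.
C2_INDICATORS = {
    ("193.233.20.31", 4125): "redline (botnet 'sint')",
    ("212.87.204.93", 8081): "aurora",
    ("62.204.41.87", 80): "amadey 3.68 (/joomla/index.php)",
}

# Hashes of the analysed setup.exe, from the report's "General" section.
SAMPLE_HASHES = {
    "md5": "1f0174e2d02b28db502c569a2fb76a51",
    "sha256": "f398fa0c9e5e3256f3f654b6cf87b7893a648f472d745e48a3521fc49fe0ae36",
}

# Registry locations behind three of the report's behavioural signatures.
# The report only gives descriptions; the exact paths here are assumptions.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)", re.I)
UNINSTALL_MIN_SUBKEYS = 3  # a single read is normal; walking the tree is the signal

def triage(events):
    """Return a sorted list of (process, rule) findings for the event list.

    Event shapes (constructed for this example):
      {"type": "process",  "proc": image, "md5": ..., "sha256": ...}
      {"type": "netconn",  "proc": image, "dst": ip, "port": int}
      {"type": "registry", "proc": image, "op": set|query|enum, "key": path}
    Caveat: Sysmon records registry creates/sets/renames, not reads, so the
    geofence and Uninstall rules need an API-trace or EDR feed as input.
    """
    findings = set()
    uninstall_subkeys = defaultdict(set)
    for ev in events:
        proc, kind = ev.get("proc", "?"), ev.get("type")
        if kind == "process":
            if any(ev.get(a, "").lower() == v for a, v in SAMPLE_HASHES.items()):
                findings.add((proc, "known sample executed (hash match)"))
        elif kind == "netconn":
            family = C2_INDICATORS.get((ev.get("dst"), int(ev.get("port", 0))))
            if family:
                findings.add((proc, f"C2 contact: {family}"))
        elif kind == "registry":
            key, op = ev.get("key", ""), ev.get("op")
            if op == "set" and RUN_KEY.search(key):
                findings.add((proc, "Adds Run key to start application"))
            elif op == "query" and GEO_KEY.search(key):
                findings.add((proc, "Checks computer location settings"))
            m = UNINSTALL_KEY.search(key)
            if m and op in ("query", "enum"):
                uninstall_subkeys[proc].add(m.group(1).lower())
    for proc, subkeys in uninstall_subkeys.items():
        if len(subkeys) >= UNINSTALL_MIN_SUBKEYS:
            findings.add((proc, "Checks installed software on the system"))
    return sorted(findings)

# Constructed telemetry, not a real capture. Only the hash values and the
# C2 addresses come from the report.
SETUP = r"C:\Users\victim\Downloads\setup.exe"
EXPLORER = r"C:\Windows\explorer.exe"
HKU = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
UNINSTALL = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
SAMPLE_EVENTS = [
    {"type": "process", "proc": SETUP, "md5": "1F0174E2D02B28DB502C569A2FB76A51"},
    {"type": "registry", "proc": SETUP, "op": "query",
     "key": HKU + r"\Control Panel\International\Geo\Nation"},
    {"type": "registry", "proc": SETUP, "op": "set",
     "key": HKU + r"\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
] + [
    {"type": "registry", "proc": SETUP, "op": "enum", "key": UNINSTALL + "\\" + sub}
    for sub in ("7-Zip", "Google Chrome", "VLC media player")
] + [
    {"type": "netconn", "proc": SETUP, "dst": "193.233.20.31", "port": 4125},
    {"type": "netconn", "proc": SETUP, "dst": "62.204.41.87", "port": 80},
    # Benign noise: one Uninstall read, a Run value *read*, and HTTPS to a doc-range IP.
    {"type": "registry", "proc": EXPLORER, "op": "query", "key": UNINSTALL + "\\Notepad++"},
    {"type": "registry", "proc": EXPLORER, "op": "query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    {"type": "netconn", "proc": EXPLORER, "dst": "203.0.113.10", "port": 443},
]

if __name__ == "__main__":
    for proc, rule in triage(SAMPLE_EVENTS):
        print(f"{rule:45s} {proc}")
```

The rules are deliberately tied to the operation, not just the key path: a process reading a Run value or a single Uninstall entry is everyday behaviour, while setting a Run value or walking several Uninstall subkeys matches the report's signatures. The Aurora endpoint is in the indicator table but no constructed event hits it, which is the usual situation when one of several extracted C2s is inactive at detonation time.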