General
- Target: 2e45e73cb3723a82e510b2960860c6e2.bin
- Size: 975KB
- Sample: 230322-bk3v1sga6t
- MD5: 6700c5ca85e7a781a07231e09dbc7655
- SHA1: 7f2dc92f2141695cc89c5e6264a5e90c1ef12067
- SHA256: 283a666981fa117073038a1bf00d83df488131f83bfe91407911ad67b68120ff
- SHA512: cbb6a7ffd934b574d438b7d4eb5a6322d438a26afd5b2c2787c261a16bac741c94abe6f6dbab7da73bf16106ae588b234ffa91a836a704984b264950e240500f
- SSDEEP: 24576:Sh1vxibFqciyvMfXhwygT6HaAz/4vg4tpnVgWaxO1u:SYKxwV66AMvPVgWkO1u
Static task: static1
Behavioral task: behavioral1
- Sample: 08fb9d7d0a8c97739463d7666fc60b3814d27d172dabd111e1be8f74f97fb3b2.exe
- Resource: win7-20230220-en
Malware Config
Extracted: redline
- gena
- 193.233.20.30:4125
- auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted: redline
- relon
- 193.233.20.30:4125
- auth_value: 17da69809725577b595e217ba006b869
Extracted: amadey
- 3.68
- 31.41.244.200/games/category/index.php
Targets
- Target: 08fb9d7d0a8c97739463d7666fc60b3814d27d172dabd111e1be8f74f97fb3b2.exe
- Size: 1.0MB
- MD5: 2e45e73cb3723a82e510b2960860c6e2
- SHA1: 173fb7f2632e461afe3cb54a22e855c3c51e3ef3
- SHA256: 08fb9d7d0a8c97739463d7666fc60b3814d27d172dabd111e1be8f74f97fb3b2
- SHA512: 216983066f7359505d6670c9fb8738aa910cd29420ac3a2cf562e7b660560e19096115c69d78d82b84215e26aa187f5b16b993f17ce4d4cb98ac780d90f5e032
- SSDEEP: 24576:VDDZTSZMPhJcfSjvS4UjFVjVDbUN4Dzm/:lZTSohufSTS4Uj/jg4
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up the country code configured in the registry, likely geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.