General
Target: 1f960244d6633963951711b840d6c4b0.bin
Size: 1.1MB
Sample: 230323-bgfw3see3x
MD5: 1d86639c50e1589bb176f4a0c5c88b58
SHA1: f50b0bd0f316707f5bf3a369deae106ec0e30cd0
SHA256: 3024851e9fe7e799d10945737d892a24b062eb5650f879b79126ce7f07a1ac20
SHA512: fcf4f23267c59bddcc51a7d0495e975b3fd98143b75883a6993573c43798f97f2158b3fff071ee7dac02cabbc6d6fe5076edeaf2bff3c593f0a5c8c8f8d9e423
SSDEEP: 24576:mfw/JqFngiymVne1Q+rNH2TAKxsJnWV51dVOt:XBGUoe2+rNHKKWVndu
Static task: static1
Behavioral task: behavioral1
Sample: 412f9524bb80ba008cfc01edcf76440544e441b3841be2103578553a0fe3c847.exe
Resource: win7-20230220-en
Malware Config

Extracted: redline
gena
193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e

Extracted: redline
relon
193.233.20.30:4125
auth_value: 17da69809725577b595e217ba006b869

Extracted: amadey
3.68
31.41.244.200/games/category/index.php

Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
real
193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets

Target: 412f9524bb80ba008cfc01edcf76440544e441b3841be2103578553a0fe3c847.exe
Size: 1.2MB
MD5: 1f960244d6633963951711b840d6c4b0
SHA1: eff617be72999228401b7db19905f58015e4f71b
SHA256: 412f9524bb80ba008cfc01edcf76440544e441b3841be2103578553a0fe3c847
SHA512: fad8fbf3710b7b416b31c258d1b953b552019edb40810a91d72abfb73c38d04f85258c39950bf5b106126c4f785142fb818ce7c8cc51e9e15017e2b3824215ee
SSDEEP: 24576:gP68Q0hZGglqBXOSYHjlRNTeM1YCXLlW//bVyFqb:gVQ0hrlqB5YD3+nbgq
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Downloads MZ/PE file

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software installed on the system.