General
Target: e99ed5cc4506d117cd2502f7b56b779b.exe
Size: 1.0MB
Sample: 230326-3ettpsae35
MD5: e99ed5cc4506d117cd2502f7b56b779b
SHA1: c2a68ef6f451a8c20ef97d35c3abf76224f5b555
SHA256: 885cd71a5c8ff7e020f3fae0d6b09ae4e6738ef102df163105dbbba7cb0095ac
SHA512: 8788da6b61231423ea3629cb1589c7513c67b4f08e2499522d4486f211778964e639cb8e7df824b9623eade30e4c0b35fefaaee9d78700f59f94426091595b70
SSDEEP: 24576:qybY9AmZ1gVXITtKI3fq0RO6f3akDuDYXOIyxkm9yD:xbYSO1TtKZ0Rz8DyOIyXo
Static task: static1
Behavioral task: behavioral1
Sample: e99ed5cc4506d117cd2502f7b56b779b.exe
Resource: win7-20230220-en
Malware Config
Extracted: redline
Botnet: sony
C2: 193.233.20.33:4125
auth_value: 1d93d1744381eeb4fcfd7c23ffe0f0b4
Extracted: redline
Botnet: fort
C2: 193.233.20.33:4125
auth_value: 5ea5673154a804d8c80f565f7276f720
Extracted: amadey
Version: 3.68
C2: 62.204.41.87/joomla/index.php
Extracted: aurora
C2: 212.87.204.93:8081
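The extracted configuration above gives three C2 endpoints and the sample's SHA256. As an added example (not part of the sandbox report or any of the malware families' own code), the following Python turns those indicators into a small matcher that a responder can run over connection logs and over a file on disk. The log format and every log line are constructed for this example; the Amadey port (80) is an assumption taken from its plain-HTTP C2 URL, since the report lists only the URL.

```python
"""Match the report's network and file indicators (added example; indicators copied from the report)."""
import hashlib
import re
from dataclasses import dataclass

# C2 sockets from the "Malware Config" section of the report.
C2_BY_FAMILY = {
    "redline": [("193.233.20.33", 4125)],   # both RedLine botnets ("sony", "fort") share this C2
    "aurora": [("212.87.204.93", 8081)],
    "amadey": [("62.204.41.87", 80)],       # Amadey 3.68 panel at 62.204.41.87/joomla/index.php;
                                            # port 80 is an assumption from the plain-HTTP URL
}
AMADEY_PANEL_PATH = "/joomla/index.php"
SAMPLE_SHA256 = "885cd71a5c8ff7e020f3fae0d6b09ae4e6738ef102df163105dbbba7cb0095ac"

# Flatten to (dst_ip, dst_port) -> family for direct lookup.
C2_INDEX = {sock: fam for fam, socks in C2_BY_FAMILY.items() for sock in socks}


@dataclass(frozen=True)
class Hit:
    line_no: int
    family: str
    dst: str
    dport: int
    detail: str


# Constructed (hypothetical) flow-log format for this example:
#   <timestamp> <src_ip> <dst_ip> <dst_port> <proto> [<http_path>]
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<dst>\d+\.\d+\.\d+\.\d+)"
    r"\s+(?P<dport>\d+)\s+(?P<proto>\S+)(?:\s+(?P<path>\S+))?$"
)


def scan_log(lines):
    """Return a Hit for every line whose destination socket is a C2 from the report."""
    hits = []
    for n, raw in enumerate(lines, 1):
        m = LOG_RE.match(raw.strip())
        if not m:
            continue  # malformed line: skip it rather than abort the whole scan
        dst, dport = m["dst"], int(m["dport"])
        fam = C2_INDEX.get((dst, dport))
        if fam is None:
            continue  # same host on another port is deliberately not matched
        detail = "socket match"
        if fam == "amadey":
            path = m["path"] or ""
            detail = "panel path match" if path == AMADEY_PANEL_PATH else f"socket match, path {path!r}"
        hits.append(Hit(n, fam, dst, dport, detail))
    return hits


def matches_sample(data: bytes) -> bool:
    """True only if `data` is byte-for-byte the analysed file (SHA256 from the report)."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


# Constructed log lines (not real traffic). Line 5 reuses the RedLine host on a
# different port to show that the matcher keys on the full socket, not the IP alone.
CONSTRUCTED_LOG = [
    "2023-03-26T03:00:01Z 10.0.0.15 193.233.20.33 4125 tcp",
    "2023-03-26T03:00:03Z 10.0.0.15 142.250.74.46 443 tcp",
    "2023-03-26T03:00:07Z 10.0.0.15 62.204.41.87 80 http /joomla/index.php",
    "2023-03-26T03:00:09Z 10.0.0.15 212.87.204.93 8081 tcp",
    "2023-03-26T03:00:11Z 10.0.0.15 193.233.20.33 443 tcp",
    "garbage line",
]

if __name__ == "__main__":
    for h in scan_log(CONSTRUCTED_LOG):
        print(f"line {h.line_no}: {h.family} C2 {h.dst}:{h.dport} ({h.detail})")
    print("sample hash match:", matches_sample(b"not the sample"))
```

Matching on the full socket rather than the bare IP keeps false positives down when a C2 host also serves unrelated traffic; widen to IP-only matching deliberately, and only after checking what else the host serves.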
Targets
Target: e99ed5cc4506d117cd2502f7b56b779b.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.