General
Target: b4fe277ec85e3084d23fcaa668dfc0b3.exe
Size: 1.0MB
Sample: 230326-3pegrsce6s
MD5: b4fe277ec85e3084d23fcaa668dfc0b3
SHA1: 34ba1ad9605cf4c87a2272a5e39f0d4ef726b5e4
SHA256: 2267b8157a975f8c3c687dce27c5212de7f0d1800c0baca7dd568d5644a12b89
SHA512: 6bcd902e7f44e04a49ba86eb913e7b1f147874241dc4f7a37989aa2ea50d3bc459175cf474c5b384a9c89f1ffad3cc29345ad08d325fa29d46289e378431a4c5
SSDEEP: 24576:AykcnRlxNThPirJ1/ztLQ/4iGyGehAp7t0hPZOWJPzH3MG0WIfJEE:HkulxNTFir3zZQ1RFApp0NoWJPz3fnIf
Static task: static1
Behavioral task: behavioral1
Sample: b4fe277ec85e3084d23fcaa668dfc0b3.exe
Resource: win7-20230220-en
Malware Config
Extracted
redline
sony
193.233.20.33:4125
auth_value: 1d93d1744381eeb4fcfd7c23ffe0f0b4
Extracted
redline
66.42.108.195:40499
auth_value: f93019ca42e7f9440be3a7ee1ebc636d
Extracted
redline
fort
193.233.20.33:4125
auth_value: 5ea5673154a804d8c80f565f7276f720
Extracted
amadey
3.68
62.204.41.87/joomla/index.php
Extracted
redline
@REDLINEVIPCHAT Cloud (TG: @FATHEROFCARDERS)
151.80.89.234:19388
auth_value: 56af49c3278d982f9a41ef2abb7c4d09
Extracted
aurora
212.87.204.93:8081
Targets
Target: b4fe277ec85e3084d23fcaa668dfc0b3.exe
Size: 1.0MB
MD5: b4fe277ec85e3084d23fcaa668dfc0b3
SHA1: 34ba1ad9605cf4c87a2272a5e39f0d4ef726b5e4
SHA256: 2267b8157a975f8c3c687dce27c5212de7f0d1800c0baca7dd568d5644a12b89
SHA512: 6bcd902e7f44e04a49ba86eb913e7b1f147874241dc4f7a37989aa2ea50d3bc459175cf474c5b384a9c89f1ffad3cc29345ad08d325fa29d46289e378431a4c5
SSDEEP: 24576:AykcnRlxNThPirJ1/ztLQ/4iGyGehAp7t0hPZOWJPzH3MG0WIfJEE:HkulxNTFir3zZQ1RFApp0NoWJPz3fnIf
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.