General
- Target: 888853269223dfc801a3ad3e3235fbc1.exe
- Size: 1.0MB
- Sample: 230326-xhgewsbf21
- MD5: 888853269223dfc801a3ad3e3235fbc1
- SHA1: aefe02c01dc2503a61bf38c2bf924f3be138053d
- SHA256: aa69245f1de4736bb7e95461f9dbc24212790166113bea5a3ae719d5268f3fdb
- SHA512: ecae9748ede2d44be721532f64d4b528618fb192ac935f98112d530a5ea0fe7369bf4388f1d44e725cc452fa0a08e9247a67d387495a344a6108e135f03b0666
- SSDEEP: 24576:XyQR5waSbnqA0WXs1eaHZZbJ1GQ4h0TaoI:iQRjSbn/0cs1tX3GJAa
Static task: static1
Behavioral task: behavioral1
- Sample: 888853269223dfc801a3ad3e3235fbc1.exe
- Resource: win7-20230220-en
Malware Config
Extracted: redline
66.42.108.195:40499
- auth_value: f93019ca42e7f9440be3a7ee1ebc636d
Extracted: redline
sony
193.233.20.33:4125
- auth_value: 1d93d1744381eeb4fcfd7c23ffe0f0b4
Extracted: redline
fort
193.233.20.33:4125
- auth_value: 5ea5673154a804d8c80f565f7276f720
Extracted: amadey
3.68
62.204.41.87/joomla/index.php
Extracted: redline
@REDLINEVIPCHAT Cloud (TG: @FATHEROFCARDERS)
151.80.89.234:19388
- auth_value: 56af49c3278d982f9a41ef2abb7c4d09
Targets
- Target: 888853269223dfc801a3ad3e3235fbc1.exe
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.