General
- Target: eec8e1c12206675666b0d22e61f58b5c.bin
- Size: 991KB
- Sample: 230328-c4dwnsgf26
- MD5: 9d9522131a7dc86b27e59899d007ba17
- SHA1: 191910489dbc2e30a9869fe3028d9d82001f5614
- SHA256: d3a6aa38ee10313ab0532b6aaf108aaa32ff32bdab91adb22db6ddabcd207ea4
- SHA512: b8f8a1feed1e8cfec32f1cec27409a018a4ffba02e28e9aed76c13a3a3a3a66d6cebd72efac90c455608e254e6f642e1a9f0b0278c7c86092d1a93910b9f3c1b
- SSDEEP: 12288:mnjKq1murRvK6aT9SzGc4auzMZ3/4mBdRRUW9gFnmjfRNVdmzjXURQZii/I0ipTe:IV1LSOV4jzOgoUWSFnafRjczmr9z3M
Static task: static1
Behavioral task: behavioral1
Sample: b8b003819518b7d1cf9f8eea0af5b30b2595f61260f8df903f1c37818082ebf1.exe
Resource: win7-20230220-en
Malware Config
Extracted: redline
  boris
  193.233.20.32:4125
  - auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted: redline
  braza
  193.233.20.32:4125
  - auth_value: ebe61b54deeef75cf8466416c0857088
Extracted: amadey
  3.68
  31.41.244.200/games/category/index.php
Targets
- Target: b8b003819518b7d1cf9f8eea0af5b30b2595f61260f8df903f1c37818082ebf1.exe
- Size: 1.0MB
- MD5: eec8e1c12206675666b0d22e61f58b5c
- SHA1: a4cc526b0cb752a840ca4f178a3419270cf70f7e
- SHA256: b8b003819518b7d1cf9f8eea0af5b30b2595f61260f8df903f1c37818082ebf1
- SHA512: 5af0ee312b171f95c188042e091ef402f2c5aeecb29f8ea89d9770f4bb72fbd50f666143f0fe939dc9dfc3553a8cc24e89c59255487a863b01ef416a0dba9202
- SSDEEP: 24576:+yNrFhRVktaiOepoJ5kMXlJS+hXiv50h0W9f3Em:NNrIrUeMHwvU/f
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.