General

Target: f6bb07b434be5aa8ee1def9867f84eea.exe
Size: 1.0MB
Sample: 230328-gqwa1shb92
MD5: f6bb07b434be5aa8ee1def9867f84eea
SHA1: 817ac13fb0a4591810a841ab96085ce23747699b
SHA256: e9d0544d87a83636f768dde86196150137a1113a25e417ff09c1a53cf6f959ea
SHA512: 0bdb5c9a53f3d4ee4fb5d449672f7cdcb3d2636955071f37e0df3dd996a24fad40dc7060e84131857c1520ff7b492e999b99447b7ed6ea9ab883b265ff279a2a
SSDEEP: 24576:Ny3XoMJnsj3nn/Bv+OkaJgQZFLd8aLi0ISKVLndKfZXOUAB:o34MdWd+uk7SKNndCOUA
Static task: static1
Behavioral task: behavioral1
Sample: f6bb07b434be5aa8ee1def9867f84eea.exe
Resource: win7-20230220-en
Malware Config

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
Family: redline
Botnet: renta
C2: 176.113.115.145:4125
auth_value: 359596fd5b36e9925ade4d9a1846bafb

Extracted
Family: amadey
Version: 3.68
C2: 31.41.244.200/games/category/index.php
Targets

Target: f6bb07b434be5aa8ee1def9867f84eea.exe
Size: 1.0MB
MD5: f6bb07b434be5aa8ee1def9867f84eea
SHA1: 817ac13fb0a4591810a841ab96085ce23747699b
SHA256: e9d0544d87a83636f768dde86196150137a1113a25e417ff09c1a53cf6f959ea
SHA512: 0bdb5c9a53f3d4ee4fb5d449672f7cdcb3d2636955071f37e0df3dd996a24fad40dc7060e84131857c1520ff7b492e999b99447b7ed6ea9ab883b265ff279a2a
SSDEEP: 24576:Ny3XoMJnsj3nn/Bv+OkaJgQZFLd8aLi0ISKVLndKfZXOUAB:o34MdWd+uk7SKNndCOUA
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.