General
- Target: Pearl Land Launcher Metaverse.exe
- Size: 32.4MB
- Sample: 230328-qce7bacg7s
- MD5: 8df594a0ace3078004790ce035bbe8e5
- SHA1: cda604e32ac2f3ef19edd7024c51e77999ef3dcc
- SHA256: ac3aed2d287dd8b95f1a97cb53f26bd4f5f94a72de3b82b849af12adf2c24ffd
- SHA512: 72564082b85caa503394eb1882c4c6622e4c2572c17c14b458b4265b885d9fcb1e2f9a2c1d5a1c1c4f3d287d22158efe767df519c6f1733b29fad140b560cd13
- SSDEEP: 786432:+/KGB/2QQd76D/heCHrw/KGB/2QQd76D/heCHr:cN2d0/hdraN2d0/hdr
Static task: static1
Behavioral task: behavioral1
- Sample: Pearl Land Launcher Metaverse.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: Pearl Land Launcher Metaverse.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- PureLandd
- 212.113.116.143:29996
- auth_value: f8ee3e0d49381a087ab34bab43e6532c
Targets
- Target: Pearl Land Launcher Metaverse.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.