General
Target: 0161b44615068b3af2425cebd0d8e584.bin
Size: 979KB
Sample: 230329-bcpneseb48
MD5: 0b75aadef147940c0884b3d9b3a7aeed
SHA1: 9c3fc0d3e35981fffc0b27dd4ef23e92630a2f05
SHA256: 1db83738ca4ff9b726269e07266de123b8fac282251281254c01171776392a68
SHA512: 6d28232d173145b73ce0d464e6bf985ff369e1297be5ee746aaefde30187875dad8b38f691ba351e692ac1db871bacddfc57d4913cbea0bcaa4b143e8739f606
SSDEEP: 24576:mlWsJkp3Vljus5lNNFTotAz2RBJbDeavvJc0:csf32JbDe8N
Static task: static1
Behavioral task: behavioral1
Sample: 601207ff2909da97272ca4d22cd8ba62012fe4292e902df7b0c3af0b1940c46b.exe
Resource: win7-20230220-en
Malware Config
Extracted: redline
- Botnet: sony
- C2: 193.233.20.33:4125
- auth_value: 1d93d1744381eeb4fcfd7c23ffe0f0b4
Extracted: redline
- Botnet: vila
- C2: 193.233.20.33:4125
- auth_value: 94b115d79ddcab0a0fb9dfab8e225c3b
Extracted: amadey
- Version: 3.68
- C2: 62.204.41.87/joomla/index.php
Extracted: aurora
- C2: 212.87.204.93:8081
Targets
Target: 601207ff2909da97272ca4d22cd8ba62012fe4292e902df7b0c3af0b1940c46b.exe
Size: 1023KB
MD5: 0161b44615068b3af2425cebd0d8e584
SHA1: f221f8a49194f63c75e168e39bfd95897825851a
SHA256: 601207ff2909da97272ca4d22cd8ba62012fe4292e902df7b0c3af0b1940c46b
SHA512: 45e0ce56f2d12cd78d9e827c23c83fdf2b40f70f44c5bad51bf2b079ceefea8be832c36b9c90163b4e4dd6337241f78f16a992ac9e45a515b787d538b39dffe5
SSDEEP: 24576:oyyT/1XYqWCKBjNfUS5idDS/m/+fEcQTa0SYtrzejaBF/:vWX5KBBfdi9mmXcIaXo3BF
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.