General
- Target: 60a8faffcc0215a5b11541c48f8f77a8.bin
- Size: 982KB
- Sample: 230329-bpj9gaeb94
- MD5: ae6319e3fba8c6e3ff679a0126f8a17c
- SHA1: 36ae0501dc14e1cc6fa7ffd19fb3b9612d11c764
- SHA256: 60e983b024e29306651d4f7353d0e57dab02ab4984ba8786852490155f1427be
- SHA512: b469e080f3dadc560d8ec953ae294c1c554aec310cd31910f729fc422bde285c01c52385495108f03e90edae9d57e2dc92c64dad522721594c333fe08df346cc
- SSDEEP: 24576:GIbt3+N8UJedYsAB34hGUwOzhJ2eQZiqyh4dsWLl:GFzJkiBohGUwSJ2epks2l
Static task: static1
Behavioral task: behavioral1
- Sample: abb18917606c6031ab4139c3a5da92902af409ab055b48893924ed706b68cad0.exe
- Resource: win7-20230220-en
Malware Config
- Extracted: redline (sony), 193.233.20.33:4125
  - auth_value: 1d93d1744381eeb4fcfd7c23ffe0f0b4
- Extracted: redline (vila), 193.233.20.33:4125
  - auth_value: 94b115d79ddcab0a0fb9dfab8e225c3b
- Extracted: amadey 3.68, 62.204.41.87/joomla/index.php
- Extracted: aurora, 212.87.204.93:8081
Targets
- Target: abb18917606c6031ab4139c3a5da92902af409ab055b48893924ed706b68cad0.exe
- Size: 1.0MB
- MD5: 60a8faffcc0215a5b11541c48f8f77a8
- SHA1: cf8e9c6a2cd4714021811c7e66feac5e17bf4552
- SHA256: abb18917606c6031ab4139c3a5da92902af409ab055b48893924ed706b68cad0
- SHA512: a2116e5b9154380cb52897426379466671cba92f85affb3aad0b96b4c4575199b66793c7d1864fca692bbafd7e4e1a3cc129b858d4a63c4740aafbc540a4f16f
- SSDEEP: 24576:Iyj5XnS5LY9/Qkvm/i/AxICW9ZR1hF/H+6:PjRnMqQk61mhp
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.