General
Target: 7b3a313f446bcd9dd1f20916ccc95f80.bin
Size: 1019KB
Sample: 230412-dfry3aag9w
MD5: a5e23f24f4a2ef04b63cb3a91dd29273
SHA1: 0eb014092e739b173612f3cb2e6fba8ea97bc0fe
SHA256: 5965f1d06e97998580bb69afcd99a5c67b367aee7ab7c419c8d70e4f293d3905
SHA512: 979e86c740c0e6ccbeacd5446197f28736211d07c05b3b133171b9b8ea12d6e6ec8c7000768fb6f229063aabcf6c0731ba74cc1d16c896a179d01e9ba41852fa
SSDEEP: 24576:ZXsO+OTtDqoxYJa5t7f+HAH+yDSuUrmQubnohEeSGZ5/Y+:gOxDqoxMa5t7f+gFsrTdjbQ+
Static task: static1
Behavioral task: behavioral1
Sample: c64c01e4b5c676fdaf6a9f813225cb506d3bf8207f625b825859b8f4c2732436.exe
Resource: win7-20230220-en
Malware Config
Extracted: amadey
  3.70
  77.91.124.207/plays/chapter/index.php
Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
  nord
  176.113.115.145:4125
  auth_value: ebb7d38cdbd7c83cf6363ef3feb3a530
Extracted: redline
  lada
  185.161.248.90:4125
  auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted: redline
  diza
  185.161.248.90:4125
  auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets
Target: c64c01e4b5c676fdaf6a9f813225cb506d3bf8207f625b825859b8f4c2732436.exe
Size: 1.0MB
MD5: 7b3a313f446bcd9dd1f20916ccc95f80
SHA1: 5e67c22a5db8d9a467f0981116409c55c46d6da0
SHA256: c64c01e4b5c676fdaf6a9f813225cb506d3bf8207f625b825859b8f4c2732436
SHA512: a3fd46acf47e4016834d7eddca39faa021061a4f88aa0af011fb5ca7cd3d580f9be35d6c7fa9c41ee5dcb3f7581473d76a8da48ca68923b4d787aec0e23d44e6
SSDEEP: 24576:myysjVAtou3CS8eEcnbTwHIDym+Ng9KJxffy2SGK8:1Xj+touxukMIDytJxC2
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.