General
Target: 4f548eda618efe4ba011c51105b29a13.bin
Size: 535KB
Sample: 230612-bn6fbaad55
MD5: 1b167bb765fbe431f37a02d31518b9d3
SHA1: db47e97170aeda153434d138e6bb5ad79809b84d
SHA256: b2199ec7f7e611751bbfb39b87ecf3f2f3cdba579c4aa0e9419881306a20fc26
SHA512: e53aaa8db06722c5d191bc14113092c7066b6418646d8cc73bb6ac0b4724284668bdbeb87c18568a854136cad50d9a4ecbca7cc9004e13c893b1716f34752df8
SSDEEP: 12288:1beP+CulIQEN06nDKm4RKNZgzwWNXo6Xfy4nvzCQvWkXQ99q6UdG76g:9++Cq776M7NXuSlWPq6UdG2g
Static task: static1
Behavioral task: behavioral1
Sample: e127e0e44449a6b22815cb287eb366ecd5dd82faeac5a0297ceefd579107f8d5.exe
Resource: win7-20230220-en
Malware Config
Extracted: redline
dast
83.97.73.129:19068
auth_value: 17d71bf1a3f93284f5848e00b0dd8222
Extracted: amadey
3.83
77.91.68.30/music/rock/index.php
Extracted: redline
crazy
83.97.73.129:19068
auth_value: 66bc4d9682ea090eef64a299ece12fdd
Targets
Target: e127e0e44449a6b22815cb287eb366ecd5dd82faeac5a0297ceefd579107f8d5.exe
Size: 578KB
MD5: 4f548eda618efe4ba011c51105b29a13
SHA1: d666ae299cc1b5e9348c16c9f1fd67fafcfe1795
SHA256: e127e0e44449a6b22815cb287eb366ecd5dd82faeac5a0297ceefd579107f8d5
SHA512: de9c4d5e26870c4cab5f6657243aa61fae010fb15d60662b81c7ab16720589c7df39c626aecf98dd3d50c1794172026a180bbe86d8f545610ad9e720e1320eae
SSDEEP: 12288:UMrYy90YVN4nDS0k4imT++D6wvd8VwAHJ1emvuNfj7B/:8yZVKm0kakwvd8Vwkem2z
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.