General

Target: 7bfcdf32d2e88535094e72482b31533a.bin
Size: 682KB
Sample: 230612-cek9fsae26
MD5: 151f308d504d0a6da75c16d4fdf96409
SHA1: 5fe504e053537dfd8b2fcc4a3908d46b23b21989
SHA256: 0196c35d8b20c631d401a1abcdc99bfdd5a05f5105a9b3a75ef8ff4647047075
SHA512: ac26558f9ebdb193ef412382ce87c390a42c12a9c167c3296548bb61fb3a89b1877cfbf66ac7d164631b88f4e64448130100cf64606e3887b06f463597293e73
SSDEEP: 12288:F9QDT1FFI9fsikbmGC4fQxvB1nUBJBPBLb4PyWEN4Ww0NUl0NCfYoFLvaUpo6UqP:FCNFS9fEBoTWBLJLb2JaNUyIfdFzaUio
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 2d9309fff2f138178f8b7a7f339090fd67f1300b3de700980d6733c37315e99b.exe
  Resource: win7-20230220-en
Malware Config

Extracted: redline
  Botnet: dast
  C2: 83.97.73.129:19068
  auth_value: 17d71bf1a3f93284f5848e00b0dd8222

Extracted: amadey
  Version: 3.83
  C2: 77.91.68.30/music/rock/index.php

Extracted: redline
  Botnet: crazy
  C2: 83.97.73.129:19068
  auth_value: 66bc4d9682ea090eef64a299ece12fdd
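The extracted configuration above gives one RedLine C2 endpoint shared by two botnet builds (distinguished only by auth_value) and one Amadey C2 URL. The following is an added example, not part of the sandbox report or of either malware family's code, that copies those values verbatim into matchers and runs them over constructed connection, HTTP and strings-dump samples. The log line formats, the decoy addresses (203.0.113.0/24 documentation space, example.com) and the confidence labels are assumptions made for the illustration; the Amadey URL is stored without a scheme in the config, so plain HTTP on port 80 is assumed when normalising it.

```python
"""Turn the extracted RedLine/Amadey C2 configuration into matchers.

Added example, not part of the sandbox report. Log formats, the decoy
addresses and the confidence labels are assumptions for illustration.
"""
import re
from urllib.parse import urlsplit

# Values copied verbatim from the report's Malware Config section.
REDLINE_C2 = ("83.97.73.129", 19068)
REDLINE_AUTH_VALUES = {
    "17d71bf1a3f93284f5848e00b0dd8222": "dast",
    "66bc4d9682ea090eef64a299ece12fdd": "crazy",
}
AMADEY_C2 = "77.91.68.30/music/rock/index.php"   # stored without a scheme in the config


def split_c2_url(raw):
    """Normalise a scheme-less C2 string into (host, port, path); http assumed when no scheme."""
    if "://" not in raw:
        raw = "http://" + raw
    u = urlsplit(raw)
    return u.hostname, u.port or 80, u.path


# Constructed telemetry formats: "ts proto src -> dst:port" and "ts src METHOD url status".
CONN_RE = re.compile(r"^(?P<ts>\S+) (?P<proto>\w+) (?P<src>\S+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")
HTTP_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d+)$")


def match_conn(line):
    """Flag connections to the RedLine C2; exact host+port is high confidence, host only is low."""
    m = CONN_RE.match(line)
    if not m:
        return None
    dst, dport = m["dst"], int(m["dport"])
    if (dst, dport) == REDLINE_C2:
        return {"family": "redline", "confidence": "high", "ts": m["ts"], "src": m["src"]}
    if dst == REDLINE_C2[0]:
        # Same host on another port: worth a look, but not the configured C2 port.
        return {"family": "redline", "confidence": "low", "ts": m["ts"], "src": m["src"]}
    return None


def match_http(line):
    """Flag HTTP requests to the Amadey C2 host; the exact configured path is high confidence."""
    m = HTTP_RE.match(line)
    if not m:
        return None
    host, port, path = split_c2_url(AMADEY_C2)
    u = urlsplit(m["url"])
    if u.hostname != host or (u.port or 80) != port:
        return None
    conf = "high" if u.path == path else "medium"   # configured path vs. same host only
    return {"family": "amadey", "confidence": conf, "ts": m["ts"], "src": m["src"]}


def match_strings(blob):
    """RedLine auth_value tokens used as plain string indicators for memory or strings dumps."""
    return [(botnet, tok) for tok, botnet in REDLINE_AUTH_VALUES.items() if tok in blob]


def scan(conn_log, http_log, strings_blob):
    """Run all matchers; returns (network hits in log order, auth_value tokens found)."""
    hits = [h for h in map(match_conn, conn_log.splitlines()) if h]
    hits += [h for h in map(match_http, http_log.splitlines()) if h]
    return hits, match_strings(strings_blob)


# Constructed sample telemetry (not captured traffic): one true C2 session per family,
# one same-host decoy per family, and one unrelated line per log.
CONSTRUCTED_CONN_LOG = """\
2023-06-12T10:01:03Z tcp 10.0.0.21:50321 -> 83.97.73.129:19068
2023-06-12T10:01:05Z tcp 10.0.0.21:50322 -> 203.0.113.7:443
2023-06-12T10:01:09Z tcp 10.0.0.21:50323 -> 83.97.73.129:80
"""
CONSTRUCTED_HTTP_LOG = """\
2023-06-12T10:02:11Z 10.0.0.21 POST http://77.91.68.30/music/rock/index.php 200
2023-06-12T10:02:12Z 10.0.0.21 GET http://77.91.68.30/ 200
2023-06-12T10:02:15Z 10.0.0.21 GET http://example.com/ 200
"""
CONSTRUCTED_STRINGS = "...\x00dast\x0017d71bf1a3f93284f5848e00b0dd8222\x00..."

if __name__ == "__main__":
    hits, tokens = scan(CONSTRUCTED_CONN_LOG, CONSTRUCTED_HTTP_LOG, CONSTRUCTED_STRINGS)
    for h in hits:
        print(h)
    print("auth_value tokens found:", tokens)
```

The confidence split matters in practice: the host 83.97.73.129 may serve other ports and the Amadey host may answer on other paths, so a host-only hit is a lead to pivot on, while the exact host:port or host+path pair from the config is what ties a session to this sample's configuration.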
Targets

Target: 2d9309fff2f138178f8b7a7f339090fd67f1300b3de700980d6733c37315e99b.exe
Size: 726KB
MD5: 7bfcdf32d2e88535094e72482b31533a
SHA1: 0c567f2e499e443703fcf7e085c0665cce272fb4
SHA256: 2d9309fff2f138178f8b7a7f339090fd67f1300b3de700980d6733c37315e99b
SHA512: bb708857180edee587ec309cf5f720a5926627f4fd903051085807c9ff73377516ab99b7800b8989a9fcf11a8bde77fb7da70dc87e9e88b70266ba3bfbb1bef5
SSDEEP: 12288:zMrhy906c828PKFBod3S3Zs73zMVKO3pDybLK+ppUbc3b6SF49lfX6:GyW828uw3mizMx3YKPbc3l/

Note: the submitted file in the General section, 7bfcdf32d2e88535094e72482b31533a.bin, is named after this executable's MD5, but it has a different size (682KB vs 726KB) and different hashes, so the submission and the executed target are distinct files and both hash sets are worth keeping as indicators.
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application
Writes an autostart entry under the CurrentVersion\Run registry key so the payload runs again at user logon.

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
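The three registry signatures above (country code lookup, Uninstall key enumeration, Run key write) are derived from API-level activity, which is why the first two do not surface in Sysmon: Sysmon records registry key creation and value writes but not reads or enumerations. The following is an added example, not part of the sandbox report, that expresses each signature as a rule over a constructed, pipe-delimited API trace (pid|api|key|value). The trace format, the process IDs, the enumeration threshold and the decoy process are assumptions for the illustration; the key paths are the standard Windows locations, HKCU\Control Panel\International\Geo (value Nation) for the configured country, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall for installed software, and ...\CurrentVersion\Run for autostart entries.

```python
"""Map the report's registry signatures onto an API-call trace.

Added example, not part of the sandbox report. The trace format below
(pid|api|key|value), the process IDs and the threshold are constructed.
"""
import re
from collections import Counter, defaultdict

# Standard Windows locations behind each signature (present on Win7 and later).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)

# Legitimate installers and updaters also walk the Uninstall key, so a single
# enumeration is noisy; requiring repeated enumerations by one process is an
# assumed threshold, not something the report states.
MIN_UNINSTALL_ENUMS = 2

# Constructed trace (not sandbox output): pid 1234 shows all three behaviours,
# pid 5678 is a decoy that reads an unrelated value and enumerates Uninstall once.
CONSTRUCTED_TRACE = r"""
1234|RegOpenKeyExW|HKEY_CURRENT_USER\Control Panel\International\Geo|
1234|RegQueryValueExW|HKEY_CURRENT_USER\Control Panel\International\Geo|Nation
1234|RegOpenKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|
1234|RegEnumKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|
1234|RegEnumKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|
1234|RegEnumKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|
1234|RegSetValueExW|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|Updater
5678|RegQueryValueExW|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Hidden
5678|RegEnumKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|
"""


def parse_trace(text):
    """Parse pid|api|key|value lines; a missing value field becomes ''."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, key, value = (line.split("|", 3) + [""])[:4]
        events.append({"pid": int(pid), "api": api, "key": key, "value": value})
    return events


def classify(events):
    """Return {signature: sorted pids} for the report's three registry signatures."""
    hits = defaultdict(set)
    uninstall_enums = Counter()
    for e in events:
        api, key, value = e["api"], e["key"], e["value"]
        # "Checks computer location settings": reading Geo\Nation, the configured country.
        if api == "RegQueryValueExW" and GEO_KEY.search(key) and value.lower() == "nation":
            hits["checks_computer_location_settings"].add(e["pid"])
        # "Checks installed software": enumerating subkeys of the Uninstall key.
        elif api == "RegEnumKeyExW" and UNINSTALL_KEY.search(key):
            uninstall_enums[e["pid"]] += 1
        # "Adds Run key": writing a value under CurrentVersion\Run or RunOnce.
        elif api == "RegSetValueExW" and RUN_KEY.search(key):
            hits["adds_run_key"].add(e["pid"])
    for pid, n in uninstall_enums.items():
        if n >= MIN_UNINSTALL_ENUMS:
            hits["checks_installed_software"].add(pid)
    return {sig: sorted(pids) for sig, pids in hits.items()}


def triage(text):
    return classify(parse_trace(text))


if __name__ == "__main__":
    for sig, pids in triage(CONSTRUCTED_TRACE).items():
        print(f"{sig}: pids {pids}")
```

On a real host the same rules fit on top of an ETW registry provider or an API-monitoring EDR feed; the one signature that Sysmon can carry on its own is the Run key write (Event ID 13), so for the other two the collection source has to expose reads and enumerations.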