General
-
Target
y0791044.exe
-
Size
519KB
-
Sample
230612-e9976saf94
-
MD5
19279d1f21c83a4e9973436c29a47509
-
SHA1
2e6838e2329a5b3979ebc7c0994bc4fbd0000ffd
-
SHA256
b3750f8617875393637fc419dc6865f314950c26cc47362337900c099c93d4d2
-
SHA512
a1e263200e5b0489a5bcbc9c96fc91c87dc86e5f4f00df2a01d2998267fefc38704a8342b4a145d50b45f396e4d06207bb863c50433c55cb9e011ab2c04e85c1
-
SSDEEP
12288:GMrTy90bG5eUdmKEyhsnRpbVxxvSZ9XZOfibFa0vFM3X:hyCG5Xdlphsnr7xvSf0ibsYCn
Static task
static1
Behavioral task
behavioral1
Sample
y0791044.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
y0791044.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: doro
C2: 83.97.73.129:19068
-
auth_value
03f411441fb3fa233179c2cc8ffbce27
Extracted
Family: amadey
Version: 3.83
C2: 77.91.68.30/music/rock/index.php
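The two extracted configs give concrete network indicators: a raw TCP endpoint for RedLine and an HTTP panel path for Amadey. As an added example (not part of the sandbox report and not the sample's or Tria.ge's code), the Python below matches connection/proxy log lines against those C2s. The log line format, the internal source hosts and the timestamps are constructed for illustration.

```python
"""Match connection/proxy log lines against the C2 indicators extracted from
this sample's RedLine and Amadey configs.  Added example: the log lines, their
format and the internal hosts are constructed, not sandbox output."""
import re
from urllib.parse import urlsplit

# Indicators copied from the Malware Config section above.
REDLINE_C2 = ("83.97.73.129", 19068)                 # botnet "doro"
AMADEY_C2_URL = "77.91.68.30/music/rock/index.php"   # Amadey 3.83 panel, no scheme in the config


def amadey_indicator(url=AMADEY_C2_URL):
    """Split the scheme-less Amadey C2 string into (host, path)."""
    parts = urlsplit("http://" + url)
    return parts.hostname, parts.path


# Constructed lines: "<ts> <src> <dst>:<port> <method|TCP> <url|->".
SAMPLE_LOGS = [
    "2023-06-12T14:02:11Z 10.0.0.17 83.97.73.129:19068 TCP -",
    "2023-06-12T14:02:13Z 10.0.0.17 77.91.68.30:80 POST http://77.91.68.30/music/rock/index.php",
    "2023-06-12T14:02:15Z 10.0.0.17 93.184.216.34:443 GET https://www.example.com/",
    "2023-06-12T14:02:20Z 10.0.0.22 77.91.68.30:80 GET http://77.91.68.30/robots.txt",
]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>[\d.]+):(?P<port>\d+) (?P<method>\S+) (?P<url>\S+)$"
)


def classify(line):
    """Return [(family, reason)] hits for one line; [] if nothing matched."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    dst, port, url = m["dst"], int(m["port"]), m["url"]
    hits = []
    if (dst, port) == REDLINE_C2:
        hits.append(("redline", f"connection to C2 {dst}:{port}"))
    a_host, a_path = amadey_indicator()
    if dst == a_host:
        # Exact panel path plus POST is the bot check-in; anything else to the
        # same host is still worth a look, since that IP hosts the panel.
        if url != "-" and urlsplit(url).path == a_path and m["method"] == "POST":
            hits.append(("amadey", f"POST to panel {a_host}{a_path}"))
        else:
            hits.append(("amadey", f"other traffic to C2 host {a_host}; review"))
    return hits


def scan(lines):
    """Return [(src, family, reason)] for every hit in a log set."""
    out = []
    for line in lines:
        hits = classify(line)          # raises on a malformed line
        src = LOG_RE.match(line)["src"]
        out.extend((src, fam, why) for fam, why in hits)
    return out


if __name__ == "__main__":
    for src, fam, why in scan(SAMPLE_LOGS):
        print(f"{src}\t{fam}\t{why}")
```

The RedLine match is on the exact host:port pair because RedLine speaks its own TCP protocol rather than HTTP; for Amadey the POST to the panel path is the check-in, and any other request to the same address is reported separately so an analyst can decide whether the host is shared hosting or dedicated infrastructure.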
Targets
-
Target
y0791044.exe (size and hashes as listed under General above)
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up the country code configured in the registry (Control Panel\International\Geo\Nation), likely a geofence check used to skip victims in excluded regions.
-
Executes dropped EXE
Runs an executable that the sample itself wrote to disk during the run.
-
Loads dropped DLL
Loads a DLL that the sample itself wrote to disk during the run.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
Opens files in known cryptocurrency wallet locations, consistent with RedLine's wallet and credential theft.
-
Adds Run key to start application
Writes a value under the registry Run key (SOFTWARE\Microsoft\Windows\CurrentVersion\Run) so the payload is started again at logon.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate installed software for host fingerprinting.
-
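The signatures above are the sandbox's behavioral labels. As an added example (not Tria.ge's signature code and not anything recovered from the sample), the Python below re-implements those checks over a sandbox-style API trace so the conditions behind each label are explicit. The trace format ("<pid> <api> <arg>"), the process IDs, the dropped file names and the wallet path patterns are all constructed for illustration.

```python
"""Re-implementation of the behavioral signatures listed above as checks over a
sandbox-style API trace.  Added example: the trace format ("<pid> <api> <arg>"),
the process IDs, file names and wallet path patterns are constructed for
illustration and are not this sample's real activity."""

# Registry locations the signatures key on; matched case-insensitively.
GEO_KEY = r"\control panel\international\geo\nation"           # configured country code
UNINSTALL_KEY = r"\microsoft\windows\currentversion\uninstall"  # installed-software list
RUN_KEY = r"\microsoft\windows\currentversion\run" + "\\"       # trailing "\" excludes RunOnce
# Assumed wallet locations (common defaults, used here only as illustration).
WALLET_PATTERNS = [r"\exodus\exodus.wallet", r"\electrum\wallets",
                   r"\ethereum\keystore", r"\bitcoin\wallets", "wallet.dat"]

WRITE_APIS = {"ntwritefile", "writefile"}
EXEC_APIS = {"createprocessw", "createprocessa", "ntcreateuserprocess"}
LOAD_APIS = {"loadlibraryw", "loadlibrarya", "loadlibraryexw", "ldrloaddll"}
OPEN_APIS = {"ntcreatefile", "createfilew", "ntopenfile"}


def signatures(trace):
    """Return the sorted list of signature names triggered by an API trace.

    "Dropped" means the file was written earlier in the same trace, so the
    checks are order-sensitive: a write must precede the execute/load."""
    written = set()
    hits = set()
    for line in trace:
        _pid, api, arg = line.split(" ", 2)   # arg may itself contain spaces
        api, a = api.lower(), arg.lower()
        if api in WRITE_APIS:
            written.add(a)
        elif api in EXEC_APIS and a in written:
            hits.add("Executes dropped EXE")
        elif api in LOAD_APIS and a in written:
            hits.add("Loads dropped DLL")
        elif api.startswith("regqueryvalue") and a.endswith(GEO_KEY):
            hits.add("Checks computer location settings")
        elif api.startswith(("regopenkey", "regenumkey")) and UNINSTALL_KEY in a:
            hits.add("Checks installed software on the system")
        elif api.startswith("regsetvalue") and RUN_KEY in a:
            hits.add("Adds Run key to start application")
        elif api in OPEN_APIS and any(p in a for p in WALLET_PATTERNS):
            hits.add("Accesses cryptocurrency files/wallets")
    return sorted(hits)


# Constructed trace: a dropper (pid 1234) writes and runs a second stage (pid 5678).
SAMPLE_TRACE = [
    r"1234 NtWriteFile C:\Users\Admin\AppData\Local\Temp\stage2.exe",
    r"1234 CreateProcessW C:\Users\Admin\AppData\Local\Temp\stage2.exe",
    r"5678 RegQueryValueExW HKCU\Control Panel\International\Geo\Nation",
    r"5678 RegEnumKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"5678 RegSetValueExW HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"5678 NtCreateFile C:\Users\Admin\AppData\Roaming\Exodus\exodus.wallet\seed.seco",
    r"5678 NtWriteFile C:\Users\Admin\AppData\Local\Temp\helper.dll",
    r"5678 LoadLibraryW C:\Users\Admin\AppData\Local\Temp\helper.dll",
    r"5678 NtCreateFile C:\Windows\System32\kernel32.dll",
]

if __name__ == "__main__":
    for name in signatures(SAMPLE_TRACE):
        print(name)
```

The "dropped" checks keep state across the whole trace rather than per process, because in this report the dropper and the RedLine/Amadey payloads are separate processes: the file is written by one PID and executed or loaded by another. A per-process implementation would miss exactly the multi-stage pattern seen here.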