General
Target: Electron.exe
Size: 4.3MB
Sample: 240303-tasleadb64
MD5: a8f603a99aac807afb52d5fbb274798e
SHA1: 864f85d0ace0c6bf9cdb99c39caebdc7118d3cbd
SHA256: 7e9c0ecd6e0b3441af7df4aec555258bed5eb0355495ec55fa0ea7114ba355ae
SHA512: 9f2b5919b8f7f6b47eac5657167cf194751a1e6105ea0dd81b0a1cd88bf210e99d305c6a31b3c28beca17cfc197feb468ae9d1cac6af0dbcabdad3e79e7f85d0
SSDEEP: 98304:xMD32eCD/Z1aPgwmJiTus9cxGHTov8+D6i0x7ALf1fzRKvg:eD3jCDrggY9cUzC+Hx7Ar+4
Static task: static1
Malware Config
Extracted: redline
  6123951210
  https://pastebin.com/raw/NgsUAPya
Extracted: gozi (no configuration fields shown)
Targets
Target: Electron.exe (4.3MB; same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload
Behavioural signatures triggered by the sample:
- Identifies VirtualBox via ACPI registry values (likely anti-VM). VirtualBox writes its OEM ID into the ACPI tables that Windows mirrors under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT); subkeys named VBOX__ there give the guest away.
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments; on an unmodified guest the values under HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion) carry the hypervisor vendor string.
- Checks computer location settings. Looks up the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system. Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2. Consistent with the Pastebin raw URL in the extracted RedLine config.
- Suspicious use of NtSetInformationThreadHideFromDebugger. NtSetInformationThread with the ThreadHideFromDebugger information class stops the calling thread from reporting debug events, so breakpoints placed in that thread never reach an attached debugger.

Caveat for defenders: the registry checks above are reads. Sysmon's registry events (IDs 12 to 14) cover key creation and deletion and value writes, not reads, so these behaviours show up in a sandbox's API trace but will not appear in Sysmon-based telemetry.
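As an added example, not part of this report and not code from the sample, the following PowerShell script reads the same registry locations the anti-analysis signatures above point at and reports whether an analysis VM would be recognised as VirtualBox by them. The report does not name the key paths; the ones used here are the standard locations for these checks and are stated as assumptions in the comments.

```powershell
# Added example: audit an analysis VM for the registry artifacts that the
# sample's anti-VM, BIOS, geofence and software-enumeration checks read.
# Key paths below are assumptions (the standard locations), not taken from the report.

function Get-AcpiVboxArtifacts {
    # VirtualBox stamps its OEM ID ("VBOX") into the ACPI tables mirrored here.
    foreach ($table in 'DSDT', 'FADT', 'RSDT') {
        $path = "HKLM:\HARDWARE\ACPI\$table"
        if (Test-Path $path) {
            Get-ChildItem $path -ErrorAction SilentlyContinue |
                Where-Object { $_.PSChildName -match 'VBOX' } |
                ForEach-Object {
                    [pscustomobject]@{ Check = 'ACPI'; Path = $_.Name; Value = $_.PSChildName }
                }
        }
    }
}

function Get-BiosArtifacts {
    # SystemBiosVersion / VideoBiosVersion are REG_MULTI_SZ; join them for display.
    $path = 'HKLM:\HARDWARE\DESCRIPTION\System'
    foreach ($name in 'SystemBiosVersion', 'VideoBiosVersion', 'SystemBiosDate') {
        $value = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
        if ($null -ne $value) {
            [pscustomobject]@{ Check = 'BIOS'; Path = "$path\$name"; Value = ($value -join ' ') }
        }
    }
}

function Get-GeoArtifact {
    # The geofence check reads the configured nation code (e.g. 244 = United States).
    $path = 'HKCU:\Control Panel\International\Geo'
    $value = (Get-ItemProperty -Path $path -Name Nation -ErrorAction SilentlyContinue).Nation
    [pscustomobject]@{ Check = 'Geo'; Path = "$path\Nation"; Value = $value }
}

function Get-InstalledSoftware {
    # Same enumeration the "Checks installed software" signature describes.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($root in $roots) {
        Get-ChildItem $root -ErrorAction SilentlyContinue |
            ForEach-Object { (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).DisplayName } |
            Where-Object { $_ } |
            ForEach-Object { [pscustomobject]@{ Check = 'Uninstall'; Path = $root; Value = $_ } }
    }
}

function Test-VirtualBoxExposure {
    # Returns the findings whose values would satisfy the sample's VirtualBox checks.
    $findings = @(Get-AcpiVboxArtifacts) + @(Get-BiosArtifacts) + @(Get-GeoArtifact) + @(Get-InstalledSoftware)
    $findings | Format-Table -AutoSize | Out-Host
    $findings | Where-Object { $_.Value -match 'VBOX|VirtualBox|innotek' }
}

$hits = @(Test-VirtualBoxExposure)
if ($hits.Count -gt 0) {
    "VirtualBox indicators exposed to the sample: $($hits.Count)"
} else {
    "No VirtualBox strings found in the checked locations"
}
```

Run it inside the guest before detonation; if it reports hits, the sample's ACPI and BIOS checks will most likely see the same strings and the run may bail out early, which is the reason sandbox vendors patch these values in hardened images.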