General
Target: Pornhub Premium 9.22v.rar
Size: 4.2MB
Sample: 240409-bn4lqahf88
MD5: feb48f3be85fb927732814e7705545ff
SHA1: afd00f3a4181e33861f5510edcb3f4cc35f97d72
SHA256: 66b6d796e64934c6e4059c159a649296cfc1d58a74803b55a6337e5bf8978be1
SHA512: b2b7c06ac7164adda441cdd17bf597f7e83bcaf03c3656a352f976da695377980d43a87b904e52aa3a2c7a94dff6c856eda8079f1ef35118090bcebfd3f807db
SSDEEP: 98304:FeEGcno6F7GhR/lD6U7JRUfvdDOn8C39U3XhgGKGcruhmBSgG:FeEGSG/l+GQxOn8Qivmky3G
Static task: static1

Behavioral task: behavioral1
  Sample: Pornhub Premium 9.22v.rar
  Resource: win7-20231129-en

Behavioral task: behavioral2
  Sample: Pornhub Premium 9.22v.rar
  Resource: win10v2004-20240226-en
Malware Config
Extracted: redline
  @Ebursteamss
  45.15.156.167:80
Targets
Target: Pornhub Premium 9.22v.rar
Size: 4.2MB
MD5: feb48f3be85fb927732814e7705545ff
SHA1: afd00f3a4181e33861f5510edcb3f4cc35f97d72
SHA256: 66b6d796e64934c6e4059c159a649296cfc1d58a74803b55a6337e5bf8978be1
SHA512: b2b7c06ac7164adda441cdd17bf597f7e83bcaf03c3656a352f976da695377980d43a87b904e52aa3a2c7a94dff6c856eda8079f1ef35118090bcebfd3f807db
SSDEEP: 98304:FeEGcno6F7GhR/lD6U7JRUfvdDOn8C39U3XhgGKGcruhmBSgG:FeEGSG/l+GQxOn8Qivmky3G
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
  Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.