General
- Target: 22cee31b95cb8b6a767419a460aaaeb0.bin
- Size: 367KB
- Sample: 240503-bdd83sba6v
- MD5: 3e3c0ffed3d8d72f5087d9f816b39ab1
- SHA1: 2fa8b532bf0477269c2d71df10e4ec55616eef6c
- SHA256: 08ed7d9a67d978f530561ac1fedfd8fe61bccd3b8800fc15200895971c46ad8b
- SHA512: e2ca2793907bdf701c7cf5520018dd7b8b9e3181f9baeeac0e01aa477d55f6473f3e7988794e19f8d970c514de09652ecf8933c29621c0f592e3f031cd22b15a
- SSDEEP: 6144:BfUjlakOlJrl2QXsva18pPevyud1bGP5TBaKc/zpZOuqq73FWIVQt9HJHg/:dClFOlJgQ/4PGyuMTYKaZOuqq7VDy9HW
Static task
- static1
Behavioral task
- behavioral1: Sample 95ac18eaf1a56e84bb1fdbe10c0f06fff91ce808d45a9359047bdb7267ec8235.exe, Resource win7-20240221-en
Behavioral task
- behavioral2: Sample 95ac18eaf1a56e84bb1fdbe10c0f06fff91ce808d45a9359047bdb7267ec8235.exe, Resource win10v2004-20240419-en
Malware Config
Extracted
- redline
- @Felnan32007
- 45.15.156.167:80
Targets
- Target: 95ac18eaf1a56e84bb1fdbe10c0f06fff91ce808d45a9359047bdb7267ec8235.exe
- Size: 10.4MB
- MD5: 22cee31b95cb8b6a767419a460aaaeb0
- SHA1: 0c5c38bd43b0e2a739ec7a75f53d829b7f9f99fb
- SHA256: 95ac18eaf1a56e84bb1fdbe10c0f06fff91ce808d45a9359047bdb7267ec8235
- SHA512: 3caae26df9b971a72ad1f904aea02279e3550ec4e5f58ef3ec6dad6db3c35ce9cda6d28d06030aa8cd64fa84dd57a70df59db5884dc22e255cfd36f9a77f8f2e
- SSDEEP: 6144:5n/Nq7BfxS++CICXPcxK0sdyCJoe2WdD4tGPFO9XMH5KJaRHdZQD:5n/4Nfr5xjdyCCWJ4toQY7WD
- Detect ZGRat V1
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)