General
- Target: Software 1.30.1.rar
- Size: 11.1MB
- Sample: 240519-xym8dade7y
- MD5: 67a7b1cf572eab187e8736faee1806ae
- SHA1: ee552c72e68712c59a06e9de310b900cc0814434
- SHA256: 4bd9eaf7e8142a48c12dd25ffdd3767f2b268891934c45d47c976693f4903f22
- SHA512: 1d74b7b1d0679e07a93b366c457efa2fee7c2e6208e2cd4e30910c0904951265a11980320f7aab30c67d1c8323b262c0c235870cf944e8bc27cc6b895cf15bca
- SSDEEP: 196608:WkL2CRKtDBZaDTrBjz265YZO9RmgnSeA9ksq75N3VXFIKiEtuLsCA:XKdBSjy65NJ3A9kx5bX1JtAs9
Tasks
- Static task: static1
- Behavioral task behavioral1: sample Debug/Addition.dll, resource win7-20231129-en
- Behavioral task behavioral2: sample Debug/Addition.dll, resource win10v2004-20240508-en
- Behavioral task behavioral3: sample Debug/Cracker.dll, resource win7-20240508-en
- Behavioral task behavioral4: sample Debug/Cracker.dll, resource win10v2004-20240508-en
- Behavioral task behavioral5: sample Debug/Helper.dll, resource win7-20240508-en
- Behavioral task behavioral6: sample Debug/Helper.dll, resource win10v2004-20240426-en
- Behavioral task behavioral7: sample Debug/Resource.dll, resource win7-20240508-en
- Behavioral task behavioral8: sample Debug/Resource.dll, resource win10v2004-20240426-en
- Behavioral task behavioral9: sample Packaged/Resource.dll, resource win7-20240419-en
- Behavioral task behavioral10: sample Packaged/Resource.dll, resource win10v2004-20240426-en
- Behavioral task behavioral11: sample Software 1.30.1.exe, resource win7-20240221-en
- Behavioral task behavioral12: sample Software 1.30.1.exe, resource win10v2004-20240508-en
Malware Config
- Extracted family: redline
- Botnet: @fgkyleoff
- C2: 147.45.47.93:80
Targets
Target: Debug/Addition.dll
- Size: 30KB
- MD5: f22e849a370cdf127f48beab596bdd81
- SHA1: fb1da47c7a246f2cda7f7686a468efafd9933b1e
- SHA256: 8be1f5581437b6f5ba48705e8956c8bc0765bbd1d6053242640c75bd94048aa9
- SHA512: 6ded81fe4d4db69586d74fdb425c4fc8c092508e7e0b49eb141a9045abf40626d14659fa6237a3920e58571ca7acf4911cdf03c4307fd89b6dc5e54172afbc14
- SSDEEP: 768:Fol18SuOO3bBAughXjNPQsXVjWuu7jqWdTS2gS:er6tAugVjN4sXJYjqWdm2V
- Score: 1/10

Target: Debug/Cracker.dll
- Size: 56KB
- MD5: 404aacc737a9d30147d30cee6be0abba
- SHA1: 5f49b9197d73b53eb3473c80a6f25dc068421baf
- SHA256: 3eec59d6aa2a45e368b99d09bcedf228290656a88de8a09ccc91867ab71f228c
- SHA512: eb3716304571727d3134da4da46c5c91276afa20f5da26f2b89cc0cdc19f98592322b5e85fdc6a36e51636298ffac456a9057ed7d10c17e4955c4307cb933f20
- SSDEEP: 384:poaSsZTSyPG0TLMU9mCzkcu/b49Pji7iJI5TZCP56vS1a+dYUFv8WTa:W1yR8U9mCzkcu/8V2iP56v/+G0a
- Score: 1/10

Target: Debug/Helper.dll
- Size: 189B
- MD5: 9bb9aba5dd893bbccfa45e2d75d55d26
- SHA1: 5714796513341ac3159a6a3c23d4769209063d35
- SHA256: 6b325cadd8992d998c4fbc8ed56079c2850b68ea2d38432d51c26ce82b0a5419
- SHA512: f57df9a4a02bd17772acb3ac1a0d961c53f6940600b58834ae38c198a98ae651a21b382450b267aeffbca4ab262668ae471a78ed99bf9dfa414c1316056a289b
- Score: 1/10

Target: Debug/Resource.dll
- Size: 10.7MB
- MD5: 641dadbb3f03938da99bf7c6c4cc482f
- SHA1: b21bdb69a17642ade8e62fcbd779ff1bc89ea809
- SHA256: 883aefb081a1f9ef974ceb16e12c215e92fee13531c052279404bd11b2f8e479
- SHA512: 7aea5f0db9b261a17801124d6eef0df2d3ada4a6f624c8f4f2ee519a61171a3f06de9032493e3309a1a982fd1218613dde73a942942df2a8ec367e7f66a531f5
- SSDEEP: 196608:8B4DNtjVoWhIdAXplnpnh4uIKZ2K245peMKU3lRM9RVIO+QvSNG2uM+XGE4:04vWGIun1GKZ/2aZKU3lRvO+QvQgGP
- Score: 1/10

Target: Packaged/Resource.dll
- Size: 189B
- MD5: 4427aeee68321d0f4d7befa74e669f83
- SHA1: 4670003762a1c217c9e8ea48fcc53f2871a7c341
- SHA256: a9661f89b8d957f4e71cbe1ba0342a39e5b50a1d80d974e2e1b349a273967f1b
- SHA512: 9d9156aa8fdebf19363fed2edb82235642c8c20549369470e44fdc0db41324e2160968fd7dd43eecce1ce3da9c03dd05cdefc8d903a9d0394f5ca9a73f5c5fa3
- Score: 1/10

Target: Software 1.30.1.exe
- Size: 526KB
- MD5: 515d9f734385c3f6ca17ed5c071aa84f
- SHA1: b59e95a24eefc4e5e37f77c4d0e0a8069eb730b1
- SHA256: a0e3633a64314cb4be32525263e8bdd759dee77dc01c578f4b90d563aef6b2fc
- SHA512: 07064cf134c96fb572bd06031fa6bb76a4de67229c4021e02b41073285fa3b8aa2f5ab5ed87a060341b7c42c439dda593822b2fa4f99e2d34e4f3a1cbb2078ef
- SSDEEP: 12288:1fMjGqNc08bB8TTi0a79BJBS80yjXNDeZy+Ju/fq8:IGSe6a79/BSreNqlsC

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext