General
-
Target
84bf36993bdd61d216e83fe391fcc7fd
-
Size
304KB
-
Sample
240523-f5lvfsfb78
-
MD5
84bf36993bdd61d216e83fe391fcc7fd
-
SHA1
e023212e847a54328aaea05fbe41eb4828855ce6
-
SHA256
8e6d8b5a004c8f21bee1bbe4213c6d78cf80e439b38f587e963e9bb4569aaffa
-
SHA512
bb3241949618ad2d39057e085e150f43b4d41d74efc4658d9c27f8c0ec80420191517a2c0b6b7e225c4e50e02cd031cdfd178e05b9a869847a3c27b210d09caf
-
SSDEEP
3072:aq6EgY6igrUjXwwRwPfhlogDHGjZyTAZtAsiLVcZqf7D34leqiOLibBOO:ZqY6i7wPnpiZyTAfAPVcZqf7DIvL
Behavioral task
behavioral1
Sample
84bf36993bdd61d216e83fe391fcc7fd.exe
Resource
win7-20231129-en
Malware Config
Extracted
redline
1
185.215.113.67:40960
Extracted
stealc
Targets
-
-
Target
84bf36993bdd61d216e83fe391fcc7fd
-
Size
304KB
-
MD5
84bf36993bdd61d216e83fe391fcc7fd
-
SHA1
e023212e847a54328aaea05fbe41eb4828855ce6
-
SHA256
8e6d8b5a004c8f21bee1bbe4213c6d78cf80e439b38f587e963e9bb4569aaffa
-
SHA512
bb3241949618ad2d39057e085e150f43b4d41d74efc4658d9c27f8c0ec80420191517a2c0b6b7e225c4e50e02cd031cdfd178e05b9a869847a3c27b210d09caf
-
SSDEEP
3072:aq6EgY6igrUjXwwRwPfhlogDHGjZyTAZtAsiLVcZqf7D34leqiOLibBOO:ZqY6i7wPnpiZyTAfAPVcZqf7DIvL
-
Detect Vidar Stealer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-