General
-
Target
0C7129CC873A7AE0A20B38275F792EB8.exe
-
Size
125KB
-
Sample
240613-g8sylsxdne
-
MD5
0c7129cc873a7ae0a20b38275f792eb8
-
SHA1
d182944e585357d572ff7f04f31ea8cd633f7f83
-
SHA256
0ffabbcd65e9d16a98cfd6573e430faef64da2140408741e6ca69fa33ccd7e4c
-
SHA512
9f5d5fb23d0efa317d321d6a37e24c6ee97005dd70ee8a2d7116ae94243e339a7fcbf5c41d7edda96bdda2042642a8ce03fdde53a6bf77c9dff358edb6109b16
-
SSDEEP
3072:/6V/R6cUvnDmwPU9101LS8U5wUBeixhRk+XbXT9PsHP:CNR6JPDmwPUbi05wYeH+XbZP2
Static task
static1
Behavioral task
behavioral1
Sample
0C7129CC873A7AE0A20B38275F792EB8.exe
Resource
win7-20240221-en
Malware Config
Extracted
Family: redline
Botnet: cheat
C2: 103.168.67.9:57395
Targets
-
Target
0C7129CC873A7AE0A20B38275F792EB8.exe
-
Size
125KB
-
MD5
0c7129cc873a7ae0a20b38275f792eb8
-
SHA1
d182944e585357d572ff7f04f31ea8cd633f7f83
-
SHA256
0ffabbcd65e9d16a98cfd6573e430faef64da2140408741e6ca69fa33ccd7e4c
-
SHA512
9f5d5fb23d0efa317d321d6a37e24c6ee97005dd70ee8a2d7116ae94243e339a7fcbf5c41d7edda96bdda2042642a8ce03fdde53a6bf77c9dff358edb6109b16
-
SSDEEP
3072:/6V/R6cUvnDmwPU9101LS8U5wUBeixhRk+XbXT9PsHP:CNR6JPDmwPUbi05wYeH+XbZP2
-
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up entries under the Uninstall registry key to enumerate installed software.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
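Added detection example (written for this page; it is not part of the sandbox report and not code from the RedLine sample). It triages constructed process-creation and network events against two facts reported above: the PowerShell modification of Defender exclusions (Add-MpPreference / Set-MpPreference with -ExclusionPath, -ExclusionExtension or -ExclusionProcess, including PowerShell's parameter-prefix abbreviations and payloads hidden behind -EncodedCommand) and the extracted C2 endpoint 103.168.67.9:57395. The event field names, process IDs and command lines are assumptions made for the example; exclusions written directly to the registry or via WMI rather than through the cmdlets are not covered.

```python
import base64
import re

# C2 endpoint from the extracted RedLine config on this page.
C2_HOST = "103.168.67.9"
C2_PORT = 57395

# Defender exclusion parameters the report describes. PowerShell accepts any
# unambiguous prefix of a parameter name (e.g. -ExclusionPa), so the matcher
# must not rely on seeing the full name.
_EXCL_PARAMS = ("ExclusionPath", "ExclusionExtension", "ExclusionProcess")
_MPPREF_RE = re.compile(r"(?i)\b(?:add|set)-mppreference\b")
_EXCL_RE = re.compile(r"(?i)-(exclusion[a-z]*)")
# Any "-e..." switch followed by a base64 token; filtered below to prefixes of
# -EncodedCommand so that "-ExecutionPolicy Bypass" is not taken for a payload.
_ENC_RE = re.compile(r"(?i)\s-(e[a-z]*)\s+([A-Za-z0-9+/=]+)")


def _canonical(token: str) -> str:
    """Resolve a (possibly abbreviated) -Exclusion* token to its full parameter name."""
    hits = [p for p in _EXCL_PARAMS if p.lower().startswith(token.lower())]
    return hits[0] if len(hits) == 1 else token + " (ambiguous)"


def expand_command(cmdline: str) -> str:
    """Append the decoded text of any -EncodedCommand (UTF-16LE base64) payload."""
    out = cmdline
    for m in _ENC_RE.finditer(cmdline):
        flag, blob = m.group(1), m.group(2)
        if not "encodedcommand".startswith(flag.lower()):
            continue
        try:
            decoded = base64.b64decode(blob).decode("utf-16-le", errors="replace")
        except ValueError:
            continue  # not valid base64; keep the raw command line as is
        out += " ; " + decoded
    return out


def defender_exclusions(cmdline: str) -> list[str]:
    """Return the Defender exclusion kinds a PowerShell command line adds or sets."""
    text = expand_command(cmdline)
    if not _MPPREF_RE.search(text):
        return []
    return sorted({_canonical(m.group(1)) for m in _EXCL_RE.finditer(text)})


def is_c2_connection(dst_ip: str, dst_port: int) -> bool:
    """Exact match against the C2 endpoint extracted from the sample's config."""
    return dst_ip == C2_HOST and dst_port == C2_PORT


def triage(events: list[dict]) -> list[str]:
    """Walk simplified process/network events and return human-readable findings."""
    findings = []
    for ev in events:
        if ev["type"] == "process":
            kinds = defender_exclusions(ev["cmdline"])
            if kinds:
                findings.append(
                    f"pid {ev['pid']}: PowerShell modifies Defender exclusions ({', '.join(kinds)})"
                )
        elif ev["type"] == "network" and is_c2_connection(ev["dst_ip"], ev["dst_port"]):
            findings.append(f"pid {ev['pid']}: connection to RedLine C2 {ev['dst_ip']}:{ev['dst_port']}")
    return findings


# Constructed sample events (assumed shape; not captured from the sandbox run).
# The encoded command is built here so that the base64 is exact.
_ENCODED = base64.b64encode(
    "Set-MpPreference -ExclusionPa 'C:\\ProgramData'".encode("utf-16-le")
).decode()
SAMPLE_EVENTS = [
    {"type": "process", "pid": 1337, "cmdline":
        "powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "
        "\"Add-MpPreference -ExclusionPath 'C:\\Users\\Public' "
        "-ExclusionExtension '.exe' -ExclusionProcess 'svchost.exe'\""},
    {"type": "process", "pid": 1338, "cmdline": f"powershell.exe -enc {_ENCODED}"},
    {"type": "process", "pid": 1339, "cmdline": "powershell.exe -Command \"Get-MpPreference\""},
    {"type": "network", "pid": 1337, "dst_ip": C2_HOST, "dst_port": C2_PORT},
    {"type": "network", "pid": 1337, "dst_ip": "8.8.8.8", "dst_port": 53},
]

if __name__ == "__main__":
    for line in triage(SAMPLE_EVENTS):
        print(line)
```

The prefix handling matters in practice: a rule that looks only for the literal string `-ExclusionPath` misses `-ExclusionPa`, and a rule that ignores `-EncodedCommand` misses the same cmdlet wrapped in base64, which is how this kind of Defender tampering is usually launched.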