General
Target:
Size: 148.4MB
Sample: 240630-jkxyrsvejb
MD5: e9a7edfdb82ed2b9f6cb31bcc438c690
SHA1: cd51fd08928961645f1b238ad0ad3f78f4a54289
SHA256: 8e0543407eeeae125e31d12c41c6678eb46dd8737ed58e5a17a6ff48bd56fd6a
SHA512: 9f131cfbfc25492fa2eca7ab112a93cbf5056d1c87b2e12953d4ee2aef6792ba012d28a4fbebfdbbc4454fa79e11e97d65f25449416a084575b11dc7cf96b106
SSDEEP: 3145728:3lT2amsbjBDXyF1f6QaOZcEeDdI2bOBc1hI6OHiekMGfRuUmuLpRhv:VT2AjBDCHf6QPZc/iBc1hDOHiQGsiv
Static task: static1
Behavioral task: behavioral1
  Sample: e@zy_start.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: e@zy_start.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted
redline
@tronzzz
94.228.166.68:80
Targets
Target: e@zy_start.exe
Size: 782.4MB
MD5: 0db1b5fae054951e07208f6fa22367ad
SHA1: b21a2f734293aa21acbefb814043d55a74616a7a
SHA256: 70a6a3cd35cf1f118f749b8557301ae3f9e477edb3eceaaea7c6b030fb5963b9
SHA512: 625e6090010212eb52201cb5a3cd48752a2feab57037f8a54f2472b0b8428ee20b444d7cdcb9fa42b443c4e79767b87b47dc3aeb1044c2e2a7ba699e0ee126b0
SSDEEP: 98304:YkQIzJ7T7q/ap2fZAq0G+qkct8lGgXMcYc9cDcYc9cDcYc9cDcYc9cDcYc9cDcYt:YkQINn7q/BSxGBktFc
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Suspicious use of SetThreadContext