General
-
Target
43c315ec3be59be4ef5aa52e440fc10c.exe
-
Size
1.4MB
-
Sample
221028-k2rnrafbd5
-
MD5
43c315ec3be59be4ef5aa52e440fc10c
-
SHA1
c9b68a94fbd7519a290ec60d3a8a1eae2d8b4b84
-
SHA256
5207dd47df6e282ee4d949282a96f83bbda7be328f65719113623512df7e4015
-
SHA512
5914162996616ac7ffdf3a403ce24cf4645daa8af74f2b27c3c85486f38f2f80abed19e80621fe82a738e9b03a99a6e5c22121252dc450eb1e2dc4e60203b213
-
SSDEEP
12288:OnjobNrYynWZQzjFeM6DJOjB9sTTHyeGkwhr402Gjaaz97PxYPKrzD0o9sIheoT:0ynYQb6VOKHwS0l3zVxRwo
Behavioral task
behavioral1
Sample
43c315ec3be59be4ef5aa52e440fc10c.exe
Resource
win7-20220812-en
Malware Config
Extracted
redline
K F
168.119.65.166:21269
-
auth_value
201fc523e44306a8f2aa3fe14a3de780
Targets
-
-
Target
43c315ec3be59be4ef5aa52e440fc10c.exe
-
Size
1.4MB
-
MD5
43c315ec3be59be4ef5aa52e440fc10c
-
SHA1
c9b68a94fbd7519a290ec60d3a8a1eae2d8b4b84
-
SHA256
5207dd47df6e282ee4d949282a96f83bbda7be328f65719113623512df7e4015
-
SHA512
5914162996616ac7ffdf3a403ce24cf4645daa8af74f2b27c3c85486f38f2f80abed19e80621fe82a738e9b03a99a6e5c22121252dc450eb1e2dc4e60203b213
-
SSDEEP
12288:OnjobNrYynWZQzjFeM6DJOjB9sTTHyeGkwhr402Gjaaz97PxYPKrzD0o9sIheoT:0ynYQb6VOKHwS0l3zVxRwo
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-