General
-
Target
Evon V3_debloated.exe
-
Size
1.3MB
-
Sample
230125-12sh2sce4w
-
MD5
b7a17c9d45a317c674f6c94fe33e0c32
-
SHA1
d4f49fcb1a0f2462a750510f4c192f95edd25855
-
SHA256
7c6768c3df66679759c311920c23a9474527e8c00cc64e708ef7d3cd3288f3ee
-
SHA512
6d4087ee0fa7b1bbef0b9ccefcc4ea0269ead667aef4e840a051f096ecdb0eff75b5ee0647cf0b3389de2be5fa31e70fd8c080ed13d8432a13fec1067161aa35
-
SSDEEP
6144:6Tl+GCvr3Kb3mpqhiRPRE8yrsOL4kUL+two9UUeCEbeiL8AX30jpBvke0j+ps3Uj:V32b3StRQrE2woe4iLWjQeNps3KdEnw
Static task
static1
Behavioral task
behavioral1
Sample
Evon V3_debloated.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Evon V3_debloated.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
@dxrkl0rd
176.113.115.7:2883
-
auth_value
9c8dd7353be7ed4b6832da21d8d0d902
Extracted
redline
hardsys
81.161.229.143:26910
-
auth_value
82ad849ed058e27d81cf569bc8c4f08a
Targets
-
-
Target
Evon V3_debloated.exe
-
Size
1.3MB
-
MD5
b7a17c9d45a317c674f6c94fe33e0c32
-
SHA1
d4f49fcb1a0f2462a750510f4c192f95edd25855
-
SHA256
7c6768c3df66679759c311920c23a9474527e8c00cc64e708ef7d3cd3288f3ee
-
SHA512
6d4087ee0fa7b1bbef0b9ccefcc4ea0269ead667aef4e840a051f096ecdb0eff75b5ee0647cf0b3389de2be5fa31e70fd8c080ed13d8432a13fec1067161aa35
-
SSDEEP
6144:6Tl+GCvr3Kb3mpqhiRPRE8yrsOL4kUL+two9UUeCEbeiL8AX30jpBvke0j+ps3Uj:V32b3StRQrE2woe4iLWjQeNps3KdEnw
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-