General
- Target: d6287ca7441d25c0efece59d37b2a0e9155291acf8716bddab054cc2375d1df7
- Size: 519KB
- Sample: 230208-ej8xesge5w
- MD5: 5be1b03ddf789ab88033ea07c9fef3bb
- SHA1: 2ce884cf3c65cf4975521bf64ad2022b6eba2f51
- SHA256: d6287ca7441d25c0efece59d37b2a0e9155291acf8716bddab054cc2375d1df7
- SHA512: 512c0c648880e2bccb2a25e4e168e2f9ffe731518fd3c93d1a24ee13517a83a0e80f3a9683be92ee2802dfa423800c85b9e7b5bb9f9da20bb07a42822847c698
- SSDEEP: 12288:VMrFy90nJPPR1hj43dRJKVu1S45CLmYRj:YyIhLj4NioUmq
Static task: static1

Behavioral task: behavioral1
Sample: d6287ca7441d25c0efece59d37b2a0e9155291acf8716bddab054cc2375d1df7.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: d6287ca7441d25c0efece59d37b2a0e9155291acf8716bddab054cc2375d1df7.exe
Resource: win10-20220901-en
Malware Config
Extracted: redline
- roma
- 193.233.20.7:4131
- auth_value: f099c2cf92834dbc554a94e1456cf576
Extracted: redline
- new1
- 176.113.115.16:4132
- auth_value: ac44cbde6633acc9d67419c7278d5c70
Targets
- Target: d6287ca7441d25c0efece59d37b2a0e9155291acf8716bddab054cc2375d1df7
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext