General
-
Target
ba5984c03d8825ad47bb01a1646fc8cf8114c341c20af57a6207e095171d9c7b
-
Size
519KB
-
Sample
230209-q16zyaec22
-
MD5
266279d1ac76e447736c7a3e2de46482
-
SHA1
d534b302dcb7bb6c4a7b5656cef7b871f05fc1d8
-
SHA256
ba5984c03d8825ad47bb01a1646fc8cf8114c341c20af57a6207e095171d9c7b
-
SHA512
14d7e6443e55f4ed415557a45314bbc92d86e6f3e0e001b47dd9c3888fab6c6b7cc2b69fe11da558af4dd4b1361a11578f2bba8e29ef71c9a904a8901b548b56
-
SSDEEP
12288:aMrKy90xarJUF6sxWhEt1S/Fo4aZ4iq/NQcKFr:YyDrJUFx89FLaZK4r
Static task
static1
Behavioral task
behavioral1
Sample
ba5984c03d8825ad47bb01a1646fc8cf8114c341c20af57a6207e095171d9c7b.exe
Resource
win10-20220901-en
Malware Config
Extracted
redline
romka
193.233.20.11:4131
-
auth_value
fcbb3247051f5290e8ac5b1a841af67b
Extracted
redline
crypt
176.113.115.17:4132
-
auth_value
407e05c9b3a74d99a20f90b091547bd6
Targets
-
-
Target
ba5984c03d8825ad47bb01a1646fc8cf8114c341c20af57a6207e095171d9c7b
-
Size
519KB
-
MD5
266279d1ac76e447736c7a3e2de46482
-
SHA1
d534b302dcb7bb6c4a7b5656cef7b871f05fc1d8
-
SHA256
ba5984c03d8825ad47bb01a1646fc8cf8114c341c20af57a6207e095171d9c7b
-
SHA512
14d7e6443e55f4ed415557a45314bbc92d86e6f3e0e001b47dd9c3888fab6c6b7cc2b69fe11da558af4dd4b1361a11578f2bba8e29ef71c9a904a8901b548b56
-
SSDEEP
12288:aMrKy90xarJUF6sxWhEt1S/Fo4aZ4iq/NQcKFr:YyDrJUFx89FLaZK4r
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-