General
-
Target
aa8b2be4fc7f54a1f4d5b98c50339db3e72438919305251c29b5a379f10d9315
-
Size
514KB
-
Sample
230209-raadqaef44
-
MD5
ab996d5b02f6f125f5cfe2b15a810a34
-
SHA1
62be350e5491b392ecca94e31e84aca345d0edd9
-
SHA256
aa8b2be4fc7f54a1f4d5b98c50339db3e72438919305251c29b5a379f10d9315
-
SHA512
5d0c49c2597798c92d6b0160bf8bcc26e3534dd6f9f9246e25191069a35a1306eb992f106f908ec7cd6e74c6a65b1e693b7673281ad02537317c9234da26fe25
-
SSDEEP
12288:lMrFy90Ew/NnQrIs3MWmhk8ddtqMA9Q7vjzDLfkxC:8y0nY3MJhk8d7TASnzT
Static task
static1
Behavioral task
behavioral1
Sample
aa8b2be4fc7f54a1f4d5b98c50339db3e72438919305251c29b5a379f10d9315.exe
Resource
win10-20220812-en
Malware Config
Extracted
redline
romka
193.233.20.11:4131
-
auth_value
fcbb3247051f5290e8ac5b1a841af67b
Extracted
redline
crypt
176.113.115.17:4132
-
auth_value
407e05c9b3a74d99a20f90b091547bd6
Targets
-
-
Target
aa8b2be4fc7f54a1f4d5b98c50339db3e72438919305251c29b5a379f10d9315
-
Size
514KB
-
MD5
ab996d5b02f6f125f5cfe2b15a810a34
-
SHA1
62be350e5491b392ecca94e31e84aca345d0edd9
-
SHA256
aa8b2be4fc7f54a1f4d5b98c50339db3e72438919305251c29b5a379f10d9315
-
SHA512
5d0c49c2597798c92d6b0160bf8bcc26e3534dd6f9f9246e25191069a35a1306eb992f106f908ec7cd6e74c6a65b1e693b7673281ad02537317c9234da26fe25
-
SSDEEP
12288:lMrFy90Ew/NnQrIs3MWmhk8ddtqMA9Q7vjzDLfkxC:8y0nY3MJhk8d7TASnzT
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-