General
-
Target
ecfc9574a8374cbcb50a05df9af0ac5ac4d6247e0434548867e18a467fdda2f4
-
Size
766KB
-
Sample
230209-v932vsea92
-
MD5
9309efba2a7b7ac7f0cb727bf6df9ea2
-
SHA1
8434e86093fe1bfdcc7956cab3769d1d297e8586
-
SHA256
ecfc9574a8374cbcb50a05df9af0ac5ac4d6247e0434548867e18a467fdda2f4
-
SHA512
b541e1498e2cacfad78a30ab5fb86f4fc7136110616f80c9abc6dc4598ac72dc38ae668dd7b5d7adaa4d2a72ca59de906da7bd2178f40d12ce23b29a733b77b2
-
SSDEEP
12288:mMrNy90XUIWIw/O5NCjxwNCvhzOAUAdf2YEh8NWl628SirVXsn:Tyu6WNAlvhUAgY3VSiVsn
Static task
static1
Behavioral task
behavioral1
Sample
ecfc9574a8374cbcb50a05df9af0ac5ac4d6247e0434548867e18a467fdda2f4.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
dubna
193.233.20.11:4131
-
auth_value
f324b1269094b7462e56bab025f032f4
Extracted
redline
crypt
176.113.115.17:4132
-
auth_value
407e05c9b3a74d99a20f90b091547bd6
Targets
-
-
Target
ecfc9574a8374cbcb50a05df9af0ac5ac4d6247e0434548867e18a467fdda2f4
-
Size
766KB
-
MD5
9309efba2a7b7ac7f0cb727bf6df9ea2
-
SHA1
8434e86093fe1bfdcc7956cab3769d1d297e8586
-
SHA256
ecfc9574a8374cbcb50a05df9af0ac5ac4d6247e0434548867e18a467fdda2f4
-
SHA512
b541e1498e2cacfad78a30ab5fb86f4fc7136110616f80c9abc6dc4598ac72dc38ae668dd7b5d7adaa4d2a72ca59de906da7bd2178f40d12ce23b29a733b77b2
-
SSDEEP
12288:mMrNy90XUIWIw/O5NCjxwNCvhzOAUAdf2YEh8NWl628SirVXsn:Tyu6WNAlvhUAgY3VSiVsn
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-