General
- Target: d036853e785d9784314b7f13afb713beecade5d19694e041641bff2c3203edf0
- Size: 733KB
- Sample: 230309-h48nyaba98
- MD5: ab6b4718443f9364d39ca46dd2478269
- SHA1: 63740fe666d081f2886dfb70b7dba7f114bd1a44
- SHA256: d036853e785d9784314b7f13afb713beecade5d19694e041641bff2c3203edf0
- SHA512: f7826a87518fbd7dce05e86e8908af6e0cec4a018c4be9dfe9d9632a515415945700336aec6cb319a3f313c06ede2920c708316ba62aff39f6abc2bbea734711
- SSDEEP: 12288:KytZAIHKL1fb3mBKYrc5CmSTyJgmPUkPliA0BZo3+m1tVR:CrL1f6BKY48TyJgEULz9qVR
Static task: static1

Behavioral task: behavioral1
- Sample: d036853e785d9784314b7f13afb713beecade5d19694e041641bff2c3203edf0.exe
- Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
- Family: redline
- Botnet: garry
- C2: 193.56.146.11:4173
- auth_value: 210ba56bf751fefe327f26e00f0be5a9

Extracted: amadey
- Family: amadey
- Version: 3.68
- C2: 193.56.146.218/images/IMG_489440/index.php
Targets
- Target: d036853e785d9784314b7f13afb713beecade5d19694e041641bff2c3203edf0
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.