General

Target: f28a4f3d8a0bd0fbbf3464972743dec124c9c95c67c658f6d8bf15ef87d50858
Size: 1.4MB
Sample: 230502-kzcf2sac92
MD5: 1888c1799196c3ad1e35853625c93835
SHA1: 467f968b922bbeeab6cf121a70c1cc8bedf598a7
SHA256: f28a4f3d8a0bd0fbbf3464972743dec124c9c95c67c658f6d8bf15ef87d50858
SHA512: 4e04e846331a04849f9804a055c89c4f7da7d20b34eb15d3661639090a839ef3004524a5a717e61448197077cc85ca389d5a7a37ce0287e5f1822f4b7847ee5e
SSDEEP: 24576:bydvEwWKD2S3vquAW6CByFAJ00TNkfr2w+WA1B9cTN2SyKNu+0ePgO9QKay8K6Io:OCwV2qnAey90TN4+WA1BU4SX0mlaxKlH
Static task: static1
Behavioral task: behavioral1
Sample: f28a4f3d8a0bd0fbbf3464972743dec124c9c95c67c658f6d8bf15ef87d50858.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
  maxbi
  185.161.248.73:4164
  auth_value: 6aa7dba884fe45693dfa04c91440daef

Extracted: redline
  gena
  185.161.248.73:4164
  auth_value: d05bf43eef533e262271449829751d07
Targets

Target: f28a4f3d8a0bd0fbbf3464972743dec124c9c95c67c658f6d8bf15ef87d50858
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.