General
Target: b39a7bc324162d5bbe0ebb53c5f72a74.bin
Size: 1.1MB
Sample: 230506-dkd8rsaa4v
MD5: bdebfc3cd1334ec623fca96065787c6d
SHA1: 36510e121c77a5d98c13ea59bef863ade10b117e
SHA256: 3c0395758c80f64f17eefb8154012848953c29d72ccb917fd0510d22f8261e4f
SHA512: fa0e3197837da1b85cf8420e9b834a02378953fb9a49ad23b956f2a81483189958caba4c44aab62dddddd5412b98409172bdff4a9afb523a87da99431620485c
SSDEEP: 24576:E+20/ntSOYmpzxarUW5VwfCowutver+Yg8wO6uZuQMnWc:pfgCz2VKCowe6+Yg8wFuZynWc
Static task: static1
Behavioral task: behavioral1
Sample: fcc6630a3781bc584f63448d62e3aeab8c1b7287115cddf06edb4a88a4a7c060.exe
Resource: win7-20230220-en
Malware Config
Extracted: redline
new1
hfiepqnsyosb.top:81
fhgerbugjreqnhfegrb.top:81
auth_value: 3a3079db884153e24cc7bde3453aec7a
Targets
Target: fcc6630a3781bc584f63448d62e3aeab8c1b7287115cddf06edb4a88a4a7c060.exe
Size: 2.4MB
MD5: b39a7bc324162d5bbe0ebb53c5f72a74
SHA1: 1c3cb0cba6b2aca973aed18953bf394c96aadddd
SHA256: fcc6630a3781bc584f63448d62e3aeab8c1b7287115cddf06edb4a88a4a7c060
SHA512: 72a8de9c826aff66f11ca849652d291a5cccf317830d8b6dc063c446a6982e2efc416a933a6a071448d26102aa1d2e5f4bad264c46abdb57d00e132ab87aaef9
SSDEEP: 24576:W3Sui5m+5yX+RNFlnRgyuMnb9310oUUS/qnwpJDQgbf2Ma9yzncNsJPsHah+uAAw:cQNFRLgXD2NkznzAviKVCvbRN/sp
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext