General
-
Target
d163b94088173bed10583e7faaa1213414dc07bc191560258eec01752edb87f2
-
Size
1.1MB
-
Sample
230513-3w73nacd3w
-
MD5
822998970219f1374df4e34f609e1620
-
SHA1
7fba79281c95a88488eabe56289fc02fccf0032f
-
SHA256
d163b94088173bed10583e7faaa1213414dc07bc191560258eec01752edb87f2
-
SHA512
ae006002cef3f21e6dcc5bfc4e088deab9169305854c3729eb1a13ada9e4987b93879f885ed53f8a11a9639d0da66ae511d65f2ecb06b77aed4ecb1eede4f60d
-
SSDEEP
24576:FyCTx5YPNE1Bjh84k7b/bJ9bIuUwVtcCe4HT3te8yfMQ8Ye5B+p90fvQr:g2xSFCB67bTfIULcCdzteTfFhe5B+p9/
Static task
static1
Malware Config
Extracted
redline
luka
185.161.248.75:4132
-
auth_value
44560bcd37d6bf076da309730fdb519a
Extracted
redline
terra
185.161.248.75:4132
-
auth_value
60df3f535f8aa4e264f78041983592d2
Extracted
redline
Payment
194.87.151.214:2020
Targets
-
-
Target
d163b94088173bed10583e7faaa1213414dc07bc191560258eec01752edb87f2
-
Size
1.1MB
-
MD5
822998970219f1374df4e34f609e1620
-
SHA1
7fba79281c95a88488eabe56289fc02fccf0032f
-
SHA256
d163b94088173bed10583e7faaa1213414dc07bc191560258eec01752edb87f2
-
SHA512
ae006002cef3f21e6dcc5bfc4e088deab9169305854c3729eb1a13ada9e4987b93879f885ed53f8a11a9639d0da66ae511d65f2ecb06b77aed4ecb1eede4f60d
-
SSDEEP
24576:FyCTx5YPNE1Bjh84k7b/bJ9bIuUwVtcCe4HT3te8yfMQ8Ye5B+p90fvQr:g2xSFCB67bTfIULcCdzteTfFhe5B+p9/
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-