General
-
Target
94d43f489d94dedee996f60dabdaaf1477b77b2f2232c1012238b409b8a2139d
-
Size
1.0MB
-
Sample
230528-psgveafa96
-
MD5
c55a51e2a7b4bce3d215a944c5fccb4d
-
SHA1
f8b8900ab26d1a19ead76ad34da4fb795f3557b9
-
SHA256
94d43f489d94dedee996f60dabdaaf1477b77b2f2232c1012238b409b8a2139d
-
SHA512
39bd13ee87a844e8d39a8c81b700c77ee36f61653347d78e8c59ee27c583a405da8bff0e45682ff8189dfd323ec6a309d1ee7384019048ce9e02c77ca6f0fa2e
-
SSDEEP
24576:syQz1UdpfUmBVdKuojDaf8B7uby5yNVpUMGi22GAjO13:bk+CCDKuyDa0B70LGivGl
Static task
static1
Malware Config
Extracted
Family
redline
Botnet
laswa
C2
83.97.73.127:19062
-
auth_value
f93b7c6dad009734b220c3bf54087e12
Extracted
Family
redline
Botnet
mirko
C2
83.97.73.127:19062
-
auth_value
35111a095377107ec8b7d3e035831af8
Extracted
Family
redline
Botnet
Redline
C2
85.31.54.183:18435
-
auth_value
50837656cba6e4dd56bfbb4a61dadb63
Three RedLine configurations were extracted from this sample. The laswa and mirko builds share the C2 endpoint 83.97.73.127:19062 and differ only in botnet name and auth_value, so a block on that ip:port pair covers both; the third build reports to 85.31.54.183:18435.
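The following Python script is an added example and is not part of the sandbox report. It parses the extracted-config section in the exact line layout used on this page into structured IOCs, matches the resulting C2 endpoints against connection-log lines, and emits one Suricata rule per distinct endpoint. Only the family, botnet, C2 and auth_value values come from the report; the `src=/dst=/dport=` log format, the SAMPLE_LOG lines and the sid base 1000001 are constructed for the example.

```python
"""RedLine extracted configs -> network IOCs, log matching, Suricata rules.
Added example, not part of the sandbox report. CONFIG_TEXT is copied from the
page; the log format, SAMPLE_LOG and the sid base are constructed."""
import re
from collections import defaultdict

CONFIG_TEXT = """\
Extracted
redline
laswa
83.97.73.127:19062
-
auth_value
f93b7c6dad009734b220c3bf54087e12
Extracted
redline
mirko
83.97.73.127:19062
-
auth_value
35111a095377107ec8b7d3e035831af8
Extracted
redline
Redline
85.31.54.183:18435
-
auth_value
50837656cba6e4dd56bfbb4a61dadb63
"""

C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_configs(text):
    """One dict per 'Extracted' block: family, botnet, c2=(ip, port), auth_value."""
    configs = []
    for block in text.split("Extracted")[1:]:
        lines = [ln.strip() for ln in block.splitlines() if ln.strip() and ln.strip() != "-"]
        family, botnet, c2 = lines[:3]
        m = C2_RE.match(c2)
        if not m:
            raise ValueError(f"unexpected C2 format: {c2!r}")
        attrs = dict(zip(lines[3::2], lines[4::2]))  # name/value on alternating lines
        configs.append({"family": family, "botnet": botnet,
                        "c2": (m.group(1), int(m.group(2))),
                        "auth_value": attrs.get("auth_value")})
    return configs


def c2_endpoints(configs):
    """Distinct (ip, port) -> list of botnet names that report to it."""
    by_endpoint = defaultdict(list)
    for cfg in configs:
        by_endpoint[cfg["c2"]].append(cfg["botnet"])
    return dict(by_endpoint)


# Constructed flow-log format: "<ts> src=<ip> dst=<ip> dport=<port> proto=<p>".
LOG_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")


def find_c2_hits(log_lines, configs):
    """(src, (dst, dport), botnets) for each flow to a known C2. Matching is on
    ip AND port, so traffic to the same host on another port is not reported."""
    endpoints = c2_endpoints(configs)
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        dst = (m.group(2), int(m.group(3)))
        if dst in endpoints:
            hits.append((m.group(1), dst, endpoints[dst]))
    return hits


def suricata_rules(configs, sid_base=1000001):
    """One alert rule per distinct C2 endpoint; sid_base is a local-range placeholder."""
    rules = []
    for n, ((ip, port), botnets) in enumerate(sorted(c2_endpoints(configs).items())):
        msg = "RedLine C2 (" + "/".join(botnets) + ")"
        rules.append(f'alert tcp $HOME_NET any -> {ip} {port} (msg:"{msg}"; flow:to_server; '
                     f"classtype:trojan-activity; sid:{sid_base + n}; rev:1;)")
    return rules


SAMPLE_LOG = [  # constructed, not from the report
    "2023-05-28T10:00:01Z src=10.0.0.12 dst=83.97.73.127 dport=19062 proto=tcp",
    "2023-05-28T10:00:02Z src=10.0.0.12 dst=203.0.113.10 dport=443 proto=tcp",
    "2023-05-28T10:00:05Z src=10.0.0.15 dst=85.31.54.183 dport=18435 proto=tcp",
    "2023-05-28T10:00:07Z src=10.0.0.15 dst=83.97.73.127 dport=443 proto=tcp",
]

if __name__ == "__main__":
    cfgs = parse_configs(CONFIG_TEXT)
    for src, (ip, port), botnets in find_c2_hits(SAMPLE_LOG, cfgs):
        print(f"{src} -> {ip}:{port}  botnet(s): {', '.join(botnets)}")
    print("\n".join(suricata_rules(cfgs)))
```

The matcher keys on ip and port together: the fourth sample flow goes to the shared C2 host on 443 and is deliberately not reported, since stealer infrastructure is often a rented VPS whose other ports serve unrelated tenants.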
Targets
-
-
Target
94d43f489d94dedee996f60dabdaaf1477b77b2f2232c1012238b409b8a2139d
-
Size
1.0MB
-
MD5
c55a51e2a7b4bce3d215a944c5fccb4d
-
SHA1
f8b8900ab26d1a19ead76ad34da4fb795f3557b9
-
SHA256
94d43f489d94dedee996f60dabdaaf1477b77b2f2232c1012238b409b8a2139d
-
SHA512
39bd13ee87a844e8d39a8c81b700c77ee36f61653347d78e8c59ee27c583a405da8bff0e45682ff8189dfd323ec6a309d1ee7384019048ce9e02c77ca6f0fa2e
-
SSDEEP
24576:syQz1UdpfUmBVdKuojDaf8B7uby5yNVpUMGi22GAjO13:bk+CCDKuyDa0B70LGivGl
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. It harvests browser credentials, cookies and autofill data, cryptocurrency wallets and system information and uploads them to the C2 endpoint carried in its configuration; the auth_value in each extracted config above is the build's authorization token presented to that C2.
-
Downloads MZ/PE file
A file beginning with the MZ header of a Windows executable was fetched over the network during the run.
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence: the stealer can exit before running its payload on locales the operator wants to avoid.
-
Executes dropped EXE
An executable written to disk during the run was subsequently launched.
-
Loads dropped DLL
A DLL written to disk during the run was subsequently loaded into a process.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
Reads files in known cryptocurrency wallet locations, consistent with RedLine's wallet-theft module.
-
Adds Run key to start application
Writes a value under a CurrentVersion\Run registry key so the payload is relaunched at every logon (persistence).
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system, part of the host profile the stealer collects.
-
Suspicious use of SetThreadContext
SetThreadContext called on a thread of another process is the classic final step of process hollowing: the entry point of a child created suspended is redirected to attacker-written memory before the thread is resumed.
-
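The behaviours listed above can be replayed as rules over an API trace, which shows what each signature is actually keyed on and why SetThreadContext is only flagged as part of a chain. The Python below is an added example and is not part of the sandbox report or of any sandbox's signature engine. The one-event-per-line `key=value` trace format and the TRACE lines are constructed; the Run and Uninstall key paths are the standard ones, while using `Control Panel\International` as the registry location of the configured country code is an assumption. The rules go slightly beyond the report by covering both A/W API variants and RunOnce.

```python
"""Replay the report's signatures as rules over a constructed API trace.
Added example, not from the sandbox report. Trace format and TRACE lines are
constructed; 'Control Panel\\International' as the country-code key is an
assumption, the Run/Uninstall paths are standard."""
import re

EVENT_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')
CREATE_SUSPENDED = 0x4  # dwCreationFlags bit passed to CreateProcess


def parse_event(line):
    """'pid=1 api=X key="a b"' -> {'pid': '1', 'api': 'X', 'key': 'a b'}"""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
            for m in EVENT_RE.finditer(line)}


# (signature name, APIs it applies to, regex over the lower-cased key path)
REG_RULES = [
    ("Checks computer location settings",
     {"RegQueryValueExW", "RegQueryValueExA"}, r"\\control panel\\international"),
    ("Checks installed software on the system",
     {"RegEnumKeyExW", "RegEnumKeyExA", "RegOpenKeyExW", "RegOpenKeyExA"},
     r"\\currentversion\\uninstall"),
    ("Adds Run key to start application",
     {"RegSetValueExW", "RegSetValueExA"}, r"\\currentversion\\run(once)?$"),
]


def run_signatures(trace_lines):
    """Return [(signature, pid, detail)] in first-hit order, one hit per (signature, pid)."""
    findings, seen = [], set()
    suspended = {}  # child pid -> {"parent": creating pid, "written": bool}

    def hit(name, pid, detail):
        if (name, pid) not in seen:
            seen.add((name, pid))
            findings.append((name, pid, detail))

    for ev in map(parse_event, trace_lines):
        api, pid, key = ev.get("api", ""), ev.get("pid"), ev.get("key", "")
        for name, apis, pattern in REG_RULES:
            if api in apis and re.search(pattern, key.lower()):
                hit(name, pid, key)
        # Process-hollowing chain: child created suspended, its memory written,
        # then its thread context rewritten. SetThreadContext on its own is
        # legitimate (debuggers, exception handling), so only the chain fires.
        if api in ("CreateProcessW", "CreateProcessA") and \
                int(ev.get("flags", "0"), 16) & CREATE_SUSPENDED:
            suspended[ev["child"]] = {"parent": pid, "written": False}
        state = suspended.get(ev.get("target"))
        if state and state["parent"] == pid:
            if api == "WriteProcessMemory":
                state["written"] = True
            elif api == "SetThreadContext" and state["written"]:
                hit("Suspicious use of SetThreadContext", pid,
                    f"context of suspended child {ev['target']} rewritten after WriteProcessMemory")
    return findings


def signature_names(trace_lines):
    return [name for name, _, _ in run_signatures(trace_lines)]


TRACE = [  # constructed API trace, not from the report
    r'pid=4120 api=RegQueryValueExW key="HKCU\Control Panel\International" value="sCountry"',
    r'pid=4120 api=RegEnumKeyExW key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"',
    r'pid=4120 api=RegSetValueExW key="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" value="Updater"',
    r'pid=4120 api=CreateProcessW image="C:\Windows\example_host.exe" flags=0x4 child=5560',
    r'pid=4120 api=WriteProcessMemory target=5560',
    r'pid=4120 api=SetThreadContext target=5560',
    r'pid=4120 api=ResumeThread target=5560',
    r'pid=4120 api=RegQueryValueExW key="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" value="ShellState"',
]

if __name__ == "__main__":
    for name, pid, detail in run_signatures(TRACE):
        print(f"[{pid}] {name}: {detail}")
```

The hollowing rule keeps per-child state so that a SetThreadContext which is not preceded by a WriteProcessMemory into a suspended child of the same process stays silent; that is the difference between the report's "suspicious use" wording and a bare API-name match.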