General
-
Target
54d065d10ad88b6080baff4c9022cefc.exe
-
Size
1.1MB
-
Sample
230528-s7lzfsfh7s
-
MD5
54d065d10ad88b6080baff4c9022cefc
-
SHA1
d9b643436915fea88540eb0fbbf935983250f1ff
-
SHA256
412bd8c4546d08c9c75382080465565edbddc407221934823da9bf4ff123d115
-
SHA512
6b0a1d7e9c6be182cf5d06305ff27923b8919af31ecb724d14a6881582762437364312a90e79ab5c424fd96967b673d5902916d4477f2aa047e83568d498d9c1
-
SSDEEP
24576:IyX3/4SELG+qwIDC/948Y5D8Wfs6u0VPD+9iG2bel8WvelERK:PH/QOXDCl48Yh+6ucPDjG26aie2
Static task
static1
Behavioral task
behavioral1
Sample
54d065d10ad88b6080baff4c9022cefc.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
liza
83.97.73.127:19045
-
auth_value
198e3e9b188d6cfab0a2b0fb100bb7c5
Extracted
redline
metro
83.97.73.127:19045
-
auth_value
f7fd4aa816bdbaad933b45b51d9b6b1a
Extracted
redline
Redline
85.31.54.183:18435
-
auth_value
50837656cba6e4dd56bfbb4a61dadb63
Targets
-
-
Target
54d065d10ad88b6080baff4c9022cefc.exe
-
Size
1.1MB
-
MD5
54d065d10ad88b6080baff4c9022cefc
-
SHA1
d9b643436915fea88540eb0fbbf935983250f1ff
-
SHA256
412bd8c4546d08c9c75382080465565edbddc407221934823da9bf4ff123d115
-
SHA512
6b0a1d7e9c6be182cf5d06305ff27923b8919af31ecb724d14a6881582762437364312a90e79ab5c424fd96967b673d5902916d4477f2aa047e83568d498d9c1
-
SSDEEP
24576:IyX3/4SELG+qwIDC/948Y5D8Wfs6u0VPD+9iG2bel8WvelERK:PH/QOXDCl48Yh+6ucPDjG26aie2
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-