General
Target: 08031399.exe
Size: 1.1MB
Sample: 230528-wqdhjaga95
MD5: 033b5a43d82fd615986e9fea7d8a8e6c
SHA1: 368dae1edf4c5c6935ac41d938cc6c9e92c0e4aa
SHA256: acf2e5e45baa4b9a72f8a559639102a75224927a2fb75133d3cbab08de6a278a
SHA512: 3d0ef172b0ef7b510315a27b230ed1ff161e31c5cd2aa95377a410ea96ccf9efb3bf6cd6e321cb783e0ce9af7c57b0235f93e7e0cc0452a0feef14e01ed7eb3f
SSDEEP: 24576:FynyJ2BKsjvaXXm1MFN7tKDbJdkEybz+7DL6:gyMBLvaHNjtKD52+7
Static task: static1
Behavioral task: behavioral1
Sample: 08031399.exe
Resource: win7-20230220-en
Malware Config
Extracted
Family: redline
Botnet: liza
C2: 83.97.73.127:19045
auth_value: 198e3e9b188d6cfab0a2b0fb100bb7c5
Extracted
Family: redline
Botnet: metro
C2: 83.97.73.127:19045
auth_value: f7fd4aa816bdbaad933b45b51d9b6b1a
Extracted
Family: redline
Botnet: Redline
C2: 85.31.54.183:18435
auth_value: 50837656cba6e4dd56bfbb4a61dadb63
Targets
Target: 08031399.exe
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext