General
Target: f8e255eef59ce44e71a377c7b433550d59c8078884673cad97b937e1cb370e57
Size: 1.1MB
Sample: 230529-bkxn1ahe5x
MD5: 5896a3d32d0c098783a3328f73180e1c
SHA1: a2dc65bd6929a9ab3198844076db329b2cdb586a
SHA256: f8e255eef59ce44e71a377c7b433550d59c8078884673cad97b937e1cb370e57
SHA512: bd6966afd79b52a3c2b7238eebf0a8277fd2efede24a0b5f46006ff678a01872c186b4d8567ec459e85ea57e7055bab4e0ef606981e792c458f560930553be19
SSDEEP: 24576:xybHl/yIGC0v227WyZX5eUnwDUSXnbOrodTDat:kbF/y00v2JyOUnwJbOY

Static task: static1
Malware Config

Extracted: redline
  lizsa
  83.97.73.127:19045
  auth_value: 44b0b71b36e78465dbdebb4ecfb78b77

Extracted: redline
  metro
  83.97.73.127:19045
  auth_value: f7fd4aa816bdbaad933b45b51d9b6b1a

Extracted: redline
  Redline
  85.31.54.183:18435
  auth_value: 50837656cba6e4dd56bfbb4a61dadb63
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext