General
-
Target
846a384302c6d3ae68c809326fa2e773.exe
-
Size
1.1MB
-
Sample
230529-jptrxaah4z
-
MD5
846a384302c6d3ae68c809326fa2e773
-
SHA1
92c7e9b56e2e5026d8a81a8e943c6c0da9c392e9
-
SHA256
1c1ec0a331c256360464c67d965d530e81238cbc44c4e0a73ed41c2c2afcf181
-
SHA512
5b4f1722faf1cb71f3b405c7fe236ede74fe58806ea2f2bf4b23e9c1770f009a2709545e908cbcedcf445a0be89da1dc5e558094d82332b8814385d5f0c19048
-
SSDEEP
24576:kyyrussqFX09/BzvpSW0KG2etKHBUSm3g6qEVDIotNp:zEsqFEzpSo8tKHC3g6qEVkoT
Static task
static1
Behavioral task
behavioral1
Sample
846a384302c6d3ae68c809326fa2e773.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
846a384302c6d3ae68c809326fa2e773.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
liza
83.97.73.127:19045
-
auth_value
198e3e9b188d6cfab0a2b0fb100bb7c5
Extracted
redline
metro
83.97.73.127:19045
-
auth_value
f7fd4aa816bdbaad933b45b51d9b6b1a
Extracted
redline
Redline
85.31.54.183:18435
-
auth_value
50837656cba6e4dd56bfbb4a61dadb63
Targets
-
-
Target
846a384302c6d3ae68c809326fa2e773.exe
-
Size
1.1MB
-
MD5
846a384302c6d3ae68c809326fa2e773
-
SHA1
92c7e9b56e2e5026d8a81a8e943c6c0da9c392e9
-
SHA256
1c1ec0a331c256360464c67d965d530e81238cbc44c4e0a73ed41c2c2afcf181
-
SHA512
5b4f1722faf1cb71f3b405c7fe236ede74fe58806ea2f2bf4b23e9c1770f009a2709545e908cbcedcf445a0be89da1dc5e558094d82332b8814385d5f0c19048
-
SSDEEP
24576:kyyrussqFX09/BzvpSW0KG2etKHBUSm3g6qEVDIotNp:zEsqFEzpSo8tKHC3g6qEVkoT
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-