General
- Target: deb4100e32cb54e5b23e05d8f39a4619.exe
- Size: 1.1MB
- Sample: 230529-jspblaah8y
- MD5: deb4100e32cb54e5b23e05d8f39a4619
- SHA1: 4a52aa92c027fe3c382941ec391c1fabdc88ab13
- SHA256: 924e10b718441d510ce591122924550d3fdf6d8f98e105b7a53190d251cba49e
- SHA512: 98b93e8db2cbda2a6cdbc632705de54a081947c0b13fb8d432a392ac9ff5ce75be181adb94cc1a6ccd04ef2c684821e50282910b31cd893cb6e234301e3fc66c
- SSDEEP: 24576:FyDduO7wX/lStJ/qmzxe1eTnr7USZDJ1+A685/mvX0Tv/Un6bTE:gDjxRTnrl/cXy/j
Static task: static1
Behavioral task: behavioral1
- Sample: deb4100e32cb54e5b23e05d8f39a4619.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: deb4100e32cb54e5b23e05d8f39a4619.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- lizsa
- 83.97.73.127:19045
- auth_value: 44b0b71b36e78465dbdebb4ecfb78b77
Extracted: redline
- metro
- 83.97.73.127:19045
- auth_value: f7fd4aa816bdbaad933b45b51d9b6b1a
Extracted: redline
- Redline
- 85.31.54.183:18435
- auth_value: 50837656cba6e4dd56bfbb4a61dadb63
Targets
- Target: deb4100e32cb54e5b23e05d8f39a4619.exe
- Size: 1.1MB
- MD5: deb4100e32cb54e5b23e05d8f39a4619
- SHA1: 4a52aa92c027fe3c382941ec391c1fabdc88ab13
- SHA256: 924e10b718441d510ce591122924550d3fdf6d8f98e105b7a53190d251cba49e
- SHA512: 98b93e8db2cbda2a6cdbc632705de54a081947c0b13fb8d432a392ac9ff5ce75be181adb94cc1a6ccd04ef2c684821e50282910b31cd893cb6e234301e3fc66c
- SSDEEP: 24576:FyDduO7wX/lStJ/qmzxe1eTnr7USZDJ1+A685/mvX0Tv/Un6bTE:gDjxRTnrl/cXy/j
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext