General
Target: ee63c5f410fd21f08ba03bda9c96fc1a0f482ab483d053fcd4f814fe8f260928
Size: 1.0MB
Sample: 230601-w5j9mafg79
MD5: 1b7619d59a51b38937d8121ee752e40b
SHA1: b6e5aaa77fef09a82009ee812778071033982ee3
SHA256: ee63c5f410fd21f08ba03bda9c96fc1a0f482ab483d053fcd4f814fe8f260928
SHA512: b46fe40ff63b168f43cb2b549c9ddfb3449ef5e8a0b1931e1c0b8260c99b808982b51272f568d68ebe83f6c785cdfce68f9392f324b684bbf4d95d3156517553
SSDEEP: 24576:lyCC3mA1bwqH+snXiaIEXNtYKX3etKq9W6:AJNbjtQoNlX3eIq
Static task: static1
Behavioral task: behavioral1
Sample: ee63c5f410fd21f08ba03bda9c96fc1a0f482ab483d053fcd4f814fe8f260928.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
Family: redline
Botnet: lupa
C2: 83.97.73.127:19045
auth_value: 6a764aa41830c77712442516d143bc9c
Extracted
Family: redline
Botnet: rocker
C2: 83.97.73.127:19045
auth_value: b4693c25843b5a1c7d63376e73e32dae
Both extracted configurations point at the same C2 endpoint and differ only in botnet name and auth_value, so the binary carries two RedLine payloads (or two configurations of one payload) sharing infrastructure.
Targets
Target: ee63c5f410fd21f08ba03bda9c96fc1a0f482ab483d053fcd4f814fe8f260928
Size: 1.0MB
MD5: 1b7619d59a51b38937d8121ee752e40b
SHA1: b6e5aaa77fef09a82009ee812778071033982ee3
SHA256: ee63c5f410fd21f08ba03bda9c96fc1a0f482ab483d053fcd4f814fe8f260928
SHA512: b46fe40ff63b168f43cb2b549c9ddfb3449ef5e8a0b1931e1c0b8260c99b808982b51272f568d68ebe83f6c785cdfce68f9392f324b684bbf4d95d3156517553
SSDEEP: 24576:lyCC3mA1bwqH+snXiaIEXNtYKX3etKq9W6:AJNbjtQoNlX3eIq
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence so the stealer can exit on hosts in excluded regions.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
  SetThreadContext on a thread in another process is the usual final step of process hollowing: the entry point of a suspended, legitimate process is redirected into the injected payload.
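The extracted config and the behaviour signatures above can be turned directly into triage checks. The script below is an added example, not part of the sandbox report or of any sandbox's own code: it lifts the two RedLine C2 entries from the Malware Config section into an IOC set, then classifies records of a sandbox-style API trace against the listed behaviours. The trace schema (`api`, `key`, `path`, `ip`, `port`, `pid`) and the sample records are constructed for this example; the `Geo\Nation` registry value, the wallet directory names and the "dropped file" directories are assumptions about what the signatures key on, since the report only names the Uninstall and Run keys explicitly.

```python
"""Triage checks built from the RedLine report above.

Added example, not from the sandbox report.  The API-trace format used here is
constructed for illustration; real sandboxes emit their own schema.
"""
import ipaddress
from collections import Counter

# Copied from the "Malware Config" section of the report.
REDLINE_CONFIGS = [
    {"botnet": "lupa", "c2": "83.97.73.127:19045",
     "auth_value": "6a764aa41830c77712442516d143bc9c"},
    {"botnet": "rocker", "c2": "83.97.73.127:19045",
     "auth_value": "b4693c25843b5a1c7d63376e73e32dae"},
]

# Registry locations behind the signatures.  Geo\Nation is an assumption about
# what "Checks computer location settings" keys on; Uninstall and Run are the
# paths the report text names.  All comparisons are case-insensitive.
GEO_KEY = r"control panel\international\geo"
UNINSTALL_KEY = r"microsoft\windows\currentversion\uninstall"
RUN_KEY = r"microsoft\windows\currentversion\run"
# Assumed wallet and drop locations; the report says only "cryptocurrency
# files/wallets" and "dropped EXE/DLL".
WALLET_DIRS = ("\\electrum\\", "\\exodus\\", "\\ethereum\\", "\\bitcoin\\")
DROP_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\")


def c2_endpoints(configs=REDLINE_CONFIGS):
    """(ip, port) pairs from the extracted configs; both botnets share one C2."""
    endpoints = set()
    for cfg in configs:
        host, _, port = cfg["c2"].rpartition(":")
        ipaddress.ip_address(host)  # fail loudly if the C2 is not a bare IP
        endpoints.add((host, int(port)))
    return endpoints


def classify(call):
    """Return the names of the report signatures one trace record satisfies."""
    api = call.get("api", "")
    key = call.get("key", "").lower()
    path = call.get("path", "").lower()
    hits = []
    if api == "connect" and (call.get("ip"), call.get("port")) in c2_endpoints():
        hits.append("redline_c2")
    if (api.startswith("RegQueryValueEx") and key.endswith(GEO_KEY)
            and call.get("value", "").lower() == "nation"):
        hits.append("checks_location")
    if api.startswith("RegEnumKeyEx") and key.endswith(UNINSTALL_KEY):
        hits.append("enumerates_installed_software")
    if api.startswith("RegSetValueEx") and key.endswith(RUN_KEY):
        hits.append("adds_run_key")
    if api.startswith("CreateProcess") and path.endswith(".exe") and any(d in path for d in DROP_DIRS):
        hits.append("executes_dropped_exe")
    if api.startswith("LoadLibrary") and path.endswith(".dll") and any(d in path for d in DROP_DIRS):
        hits.append("loads_dropped_dll")
    if api.startswith("CreateFile") and any(d in path for d in WALLET_DIRS):
        hits.append("accesses_wallet")
    # SetThreadContext against a different process is the hollowing indicator;
    # a thread in the caller's own process is not flagged.
    if api == "SetThreadContext" and call.get("pid") != call.get("target_pid"):
        hits.append("setthreadcontext_cross_process")
    return hits


def triage(trace):
    """Count how many trace records hit each signature."""
    counts = Counter()
    for call in trace:
        counts.update(classify(call))
    return dict(counts)


# Constructed trace shaped after the behaviours the report lists.
SAMPLE_TRACE = [
    {"api": "RegQueryValueExW", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"api": "RegEnumKeyExW", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"api": "CreateFileW", "path": r"C:\Users\bob\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"api": "RegSetValueExW", "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "value": "x"},
    {"api": "CreateProcessW", "path": r"C:\Users\bob\AppData\Local\Temp\stage2.exe"},
    {"api": "LoadLibraryW", "path": r"C:\Users\bob\AppData\Local\Temp\helper.dll"},
    {"api": "SetThreadContext", "pid": 1234, "target_pid": 5678},
    {"api": "connect", "ip": "83.97.73.127", "port": 19045},
    {"api": "connect", "ip": "93.184.216.34", "port": 443},  # unrelated traffic, must not hit
]

if __name__ == "__main__":
    for name, n in sorted(triage(SAMPLE_TRACE).items()):
        print(f"{name}: {n}")
```

Only the C2 check is a hard indicator tied to this sample; the registry and file checks describe generic stealer behaviour and will also fire on some legitimate installers, so in a real pipeline they are scored, not alerted on individually.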