General
Target: d875470234d0f0a74fef1c2aea9eb645cdec8417badb0c01b650caa1878690ac
Size: 754KB
Sample: 230601-w7v4xafg93
MD5: 8e24d42791ca2bc99afb5c58ed86d9d8
SHA1: 38cca9f91bf5159e873334349cc34c33e7e8264e
SHA256: d875470234d0f0a74fef1c2aea9eb645cdec8417badb0c01b650caa1878690ac
SHA512: bd5222da894d0bd7f208f98e64b455a057e572829a818ced810383da0f2d7fa87b7d73504c555f84b0d1dc06aaf144428e0f743ec0b4437abc06c72973888b41
SSDEEP: 12288:xMrPy90CHc51WaY6lHuwGoUFRwEnou95Xa5Y7alNvf3mq/wj/gc+8sGq8uaI0o:iyZO1W2lOwGpFy+sYelNXr4j/O8sfF
Static task: static1
Behavioral task: behavioral1
Sample: d875470234d0f0a74fef1c2aea9eb645cdec8417badb0c01b650caa1878690ac.exe
Resource: win10v2004-20230220-en
Malware Config
Two RedLine configurations were extracted from this sample. Both point at the same C2 endpoint (83.97.73.127:19045) and differ only in botnet ID and auth_value, which is the usual sign of a loader carrying two separately registered RedLine builds.
Extracted
Family: redline
Botnet: diza
C2: 83.97.73.127:19045
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Extracted
Family: redline
Botnet: rocker
C2: 83.97.73.127:19045
auth_value: b4693c25843b5a1c7d63376e73e32dae
Targets
Target: d875470234d0f0a74fef1c2aea9eb645cdec8417badb0c01b650caa1878690ac
Size: 754KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to those listed under General above; this is the same file.
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020. It harvests browser credentials, cookies, cryptocurrency wallets and system information and exfiltrates them to a C2, here 83.97.73.127:19045.
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check to avoid executing in certain regions.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Persistence via the Run registry key, so the payload is relaunched at logon.
Checks installed software on the system
Enumerates the Uninstall key entries in the registry to list the software installed on the host; RedLine includes this inventory in its initial report to the C2.
Suspicious use of SetThreadContext
SetThreadContext on a suspended thread is the hallmark of process hollowing and similar injection, where a legitimate process is started suspended and its entry point redirected into the dropped payload; combined with "Executes dropped EXE", this is the indicator that the stealer runs inside another process image.
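The Python script below is an added hunting example and is not part of the sandbox report or of any analysis tool. It takes the indicators this report exposes (the sample's hashes from General, the shared C2 endpoint from Malware Config, and the Run-key persistence behaviour from the signature list) and sweeps telemetry for them. All telemetry lines, host names, paths and the flat key=value line format are constructed for the demo; Sysmon EventID 13 is the real "RegistryEvent (Value Set)" event, but the field layout here is a simplified flattening of it and is an assumption.

```python
"""Sweep constructed host/network telemetry for the indicators in the report.

Added hunting example; not part of the sandbox report. Telemetry lines,
hosts and paths below are constructed for the demo.
"""
import re
from typing import Dict, List, Tuple

# Indicators copied from the report: the sample's hashes and the C2 endpoint
# shared by both extracted RedLine configs.
SAMPLE_HASHES = {
    "md5": "8e24d42791ca2bc99afb5c58ed86d9d8",
    "sha1": "38cca9f91bf5159e873334349cc34c33e7e8264e",
    "sha256": "d875470234d0f0a74fef1c2aea9eb645cdec8417badb0c01b650caa1878690ac",
}
C2_IP, C2_PORT = "83.97.73.127", "19045"

# Run / RunOnce values under HKCU, HKLM or the HKU\<SID> spelling Sysmon uses.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$",
    re.IGNORECASE,
)
# Simplified "key=value key=value" telemetry format (assumption: values carry no spaces).
KV_RE = re.compile(r"(\w+)=(\S+)")

# Constructed telemetry (not from the report): a file-hash inventory, outbound
# connections, and Sysmon registry events flattened to one line each.
FILE_INVENTORY = [
    "host=ws01 path=C:\\Users\\alice\\Downloads\\Setup_x64.exe "
    "sha256=D875470234D0F0A74FEF1C2AEA9EB645CDEC8417BADB0C01B650CAA1878690AC",
    "host=ws02 path=C:\\Windows\\System32\\notepad.exe "
    "sha256=0000000000000000000000000000000000000000000000000000000000000000",
]
NETFLOW = [
    "ts=2023-06-01T14:02:11Z host=ws01 image=C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe dst=83.97.73.127:19045",
    "ts=2023-06-01T14:02:15Z host=ws03 image=C:\\Windows\\explorer.exe dst=83.97.73.127:443",
    "ts=2023-06-01T14:02:20Z host=ws02 image=C:\\Windows\\System32\\svchost.exe dst=142.250.74.46:443",
]
SYSMON = [
    "EventID=13 host=ws01 Image=C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe "
    "TargetObject=HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater "
    "Details=C:\\Users\\alice\\AppData\\Roaming\\Updater.exe",
    "EventID=13 host=ws02 Image=C:\\Windows\\regedit.exe "
    "TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Foo\\DisplayName Details=Foo",
    "EventID=12 host=ws01 Image=C:\\Windows\\explorer.exe "
    "TargetObject=HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
]


def parse_kv(line: str) -> Dict[str, str]:
    """Parse one flattened telemetry line into a field dictionary."""
    return {k: v for k, v in KV_RE.findall(line)}


def match_hashes(inventory: List[str]) -> List[Tuple[str, str, str]]:
    """Return (host, path, algorithm) for files whose hash equals the sample's."""
    hits = []
    for line in inventory:
        ev = parse_kv(line)
        for algo, value in SAMPLE_HASHES.items():
            if ev.get(algo, "").lower() == value:
                hits.append((ev["host"], ev["path"], algo))
    return hits


def match_c2(netflow: List[str]) -> List[Tuple[str, str, str]]:
    """Return (host, image, confidence) for connections to the C2 address.

    ip:port is 'high'; the bare IP on another port is 'medium', since the
    address may be shared with other tenants or the operator may rotate ports.
    """
    hits = []
    for line in netflow:
        ev = parse_kv(line)
        ip, _, port = ev.get("dst", "").rpartition(":")
        if ip == C2_IP:
            hits.append((ev["host"], ev["image"], "high" if port == C2_PORT else "medium"))
    return hits


def match_run_key_persistence(sysmon: List[str]) -> List[Tuple[str, str, str]]:
    """Sysmon EventID 13 (value set) under a Run/RunOnce key: return
    (host, image that wrote the value, command stored in the value)."""
    hits = []
    for line in sysmon:
        ev = parse_kv(line)
        if ev.get("EventID") == "13" and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append((ev["host"], ev["Image"], ev.get("Details", "")))
    return hits


def sweep() -> Dict[str, list]:
    """Run all three matchers over the constructed telemetry."""
    return {
        "hash_hits": match_hashes(FILE_INVENTORY),
        "c2_hits": match_c2(NETFLOW),
        "persistence_hits": match_run_key_persistence(SYSMON),
    }


if __name__ == "__main__":
    for name, hits in sweep().items():
        print(name)
        for hit in hits:
            print("  ", hit)
```

A hash match is the only hit that is conclusive on its own. A connection to 83.97.73.127 on a port other than 19045 is reported as medium because the address may be shared or the port rotated, and a Run-key write is a lead that still needs the writing image and the stored command checked. The two auth_value strings are useful for clustering further samples of the same operator but never appear in host telemetry, so they are not matched here.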