General
Target: c8fe05e2e1fe14024d78fddc8d99984267df02a5cd682d03453a2f4f175dd6a9
Size: 753KB
Sample: 230601-xl65qagc4x
MD5: 0e79b4acfc8f62a8457504c9a39dd68b
SHA1: 2ee38809a594b92a2a317ff4541f8a5e197ed516
SHA256: c8fe05e2e1fe14024d78fddc8d99984267df02a5cd682d03453a2f4f175dd6a9
SHA512: 5a22d54947a37a6a73b002be5d6cecfd137582bda986d85ebd3244f5655ebdc7dd27403dee08fc97e84393d1fec7277bad1412c1d0e16e4d41438da6a7394118
SSDEEP: 12288:gMrGy90K/qIl9L2TLU9v7movWR+cRhA6ANsh7aGRUxye6:WyZP9qUVqGqm6AnzxyL
Static task: static1
Behavioral task: behavioral1
Sample: c8fe05e2e1fe14024d78fddc8d99984267df02a5cd682d03453a2f4f175dd6a9.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
diza
83.97.73.127:19045
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Extracted: redline
rocker
83.97.73.127:19045
auth_value: b4693c25843b5a1c7d63376e73e32dae
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext