General
-
Target
a637f81de1d6d791bcddd4d6ca9b84de0b452f292fb3fd90c744ed2c0d5d4641
-
Size
755KB
-
Sample
230602-felrrsac6x
-
MD5
efd7b2f9d764a3651d863dd6862311a2
-
SHA1
44feebf1663f488fa3be9181b1a501e36e348fe5
-
SHA256
a637f81de1d6d791bcddd4d6ca9b84de0b452f292fb3fd90c744ed2c0d5d4641
-
SHA512
56a5ad193eb31914d6aaedeee33f87779112cc674db58f441a65e238bb1c230716f192430a036ba2c0eee6928ac9d8cb188a7b082b083f60c0e5e141618788fc
-
SSDEEP
12288:+MrQy90j7eUvW7aFQBqkXnzTCjNsrsYUEFVdnk9xGQIZaOA9yJGS8Ac:6yy7ewlFnwHC+1UEF7kDGldA9yJGS0
Static task
static1
Behavioral task
behavioral1
Sample
a637f81de1d6d791bcddd4d6ca9b84de0b452f292fb3fd90c744ed2c0d5d4641.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
a637f81de1d6d791bcddd4d6ca9b84de0b452f292fb3fd90c744ed2c0d5d4641.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
diza
83.97.73.127:19045
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Extracted
redline
rocker
83.97.73.127:19045
-
auth_value
b4693c25843b5a1c7d63376e73e32dae
Targets
-
-
Target
a637f81de1d6d791bcddd4d6ca9b84de0b452f292fb3fd90c744ed2c0d5d4641
-
Size
755KB
-
MD5
efd7b2f9d764a3651d863dd6862311a2
-
SHA1
44feebf1663f488fa3be9181b1a501e36e348fe5
-
SHA256
a637f81de1d6d791bcddd4d6ca9b84de0b452f292fb3fd90c744ed2c0d5d4641
-
SHA512
56a5ad193eb31914d6aaedeee33f87779112cc674db58f441a65e238bb1c230716f192430a036ba2c0eee6928ac9d8cb188a7b082b083f60c0e5e141618788fc
-
SSDEEP
12288:+MrQy90j7eUvW7aFQBqkXnzTCjNsrsYUEFVdnk9xGQIZaOA9yJGS8Ac:6yy7ewlFnwHC+1UEF7kDGldA9yJGS0
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-