General
-
Target
9300cb541bc951173fead4a8a19c2295905ae52e9947d585909b8cfb3911c8e6
-
Size
786KB
-
Sample
230602-kw9x5sba7z
-
MD5
12f9c0cc349adda05c7db518fc6ea024
-
SHA1
8dc7a477281f25704c24396c3319bbc87de3e82a
-
SHA256
9300cb541bc951173fead4a8a19c2295905ae52e9947d585909b8cfb3911c8e6
-
SHA512
97414e97a34e7d597882cd0603d4eadbf9b511da9a404a245fa75f8ac32e7005e62b040e1fa2e77b9af85440b6172c35cbc8220f8c56be51a14c581b39939d05
-
SSDEEP
12288:WMr8y90GvLFep0zrMeC64FxUCf9UQ2WDijTmZaj8Z3yC1xVuAZwqs3xHTeyJoc:+yZBeAUFaCVUQlGpg3l1xVWKs
Static task
static1
Behavioral task
behavioral1
Sample
9300cb541bc951173fead4a8a19c2295905ae52e9947d585909b8cfb3911c8e6.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
dars
83.97.73.127:19045
-
auth_value
7cd208e6b6c927262304d5d4d88647fd
Extracted
redline
grom
83.97.73.127:19045
-
auth_value
2193aac8692a5e1ec66d9db9fa25ee00
Targets
-
-
Target
9300cb541bc951173fead4a8a19c2295905ae52e9947d585909b8cfb3911c8e6
-
Size
786KB
-
MD5
12f9c0cc349adda05c7db518fc6ea024
-
SHA1
8dc7a477281f25704c24396c3319bbc87de3e82a
-
SHA256
9300cb541bc951173fead4a8a19c2295905ae52e9947d585909b8cfb3911c8e6
-
SHA512
97414e97a34e7d597882cd0603d4eadbf9b511da9a404a245fa75f8ac32e7005e62b040e1fa2e77b9af85440b6172c35cbc8220f8c56be51a14c581b39939d05
-
SSDEEP
12288:WMr8y90GvLFep0zrMeC64FxUCf9UQ2WDijTmZaj8Z3yC1xVuAZwqs3xHTeyJoc:+yZBeAUFaCVUQlGpg3l1xVWKs
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-