General
Target: 049d829ce44d994dff3e10fba75e5784203c4a4b07ff01d9c3885d366f4695e8
Size: 779KB
Sample: 230603-jzyhvaga89
MD5: 629a477b41946d573788503dd352c622
SHA1: 30a7daab80881c9879f3a7fd9f52106771f38b1d
SHA256: 049d829ce44d994dff3e10fba75e5784203c4a4b07ff01d9c3885d366f4695e8
SHA512: c28e6ae071f482f5b842c1336a5d6d58dcc107bf28eb9dd7fb3c64cf28b60f90f551b865b478bd02602a8361df079b03a9b74c4bdc9c523e43349ffbbd76d527
SSDEEP: 12288:1MrTy90JVYAq0LDqM3xDCdUOXJLGMa0YdOcowNbXaUvRT0aMP26ldk1g:qyCYgiM3luUO5O0YdO7CVvOaMZldx
Static task: static1
Behavioral task: behavioral1
Sample: 049d829ce44d994dff3e10fba75e5784203c4a4b07ff01d9c3885d366f4695e8.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19046
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Extracted
redline
metro
83.97.73.126:19046
auth_value: f7fd4aa816bdbaad933b45b51d9b6b1a
Targets
Target: 049d829ce44d994dff3e10fba75e5784203c4a4b07ff01d9c3885d366f4695e8
Size: 779KB
MD5: 629a477b41946d573788503dd352c622
SHA1: 30a7daab80881c9879f3a7fd9f52106771f38b1d
SHA256: 049d829ce44d994dff3e10fba75e5784203c4a4b07ff01d9c3885d366f4695e8
SHA512: c28e6ae071f482f5b842c1336a5d6d58dcc107bf28eb9dd7fb3c64cf28b60f90f551b865b478bd02602a8361df079b03a9b74c4bdc9c523e43349ffbbd76d527
SSDEEP: 12288:1MrTy90JVYAq0LDqM3xDCdUOXJLGMa0YdOcowNbXaUvRT0aMP26ldk1g:qyCYgiM3luUO5O0YdO7CVvOaMZldx
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
Suspicious use of SetThreadContext