General
-
Target
bd1ab2ea7e04e013838d361af1a7fe0b7f8cdcdc59262fb24e9747344194df6e
-
Size
778KB
-
Sample
230603-k38zesgc89
-
MD5
a4a879911229a7d5e16a9239ec9f03ec
-
SHA1
f6ead99e37fe74ad054e83577fa1181d7dad34f3
-
SHA256
bd1ab2ea7e04e013838d361af1a7fe0b7f8cdcdc59262fb24e9747344194df6e
-
SHA512
2bb97ab52e27bb9a9e2071d5b5b255ddf63781f9ad5fc2f9d9986ecf4c73feae1038db01a86e05e9ab9ffa643e9195ae34281113a65f548dce1739c619264ef3
-
SSDEEP
12288:4MrPy902JphILyF2n8uvNEUcfGnLJF6EttH0NSBHfRb0UzPgkNJo:Hy9iwUtllcfeLJJjLfuUzho
Static task
static1
Behavioral task
behavioral1
Sample
bd1ab2ea7e04e013838d361af1a7fe0b7f8cdcdc59262fb24e9747344194df6e.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19046
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Extracted
redline
metro
83.97.73.126:19046
-
auth_value
f7fd4aa816bdbaad933b45b51d9b6b1a
Targets
-
-
Target
bd1ab2ea7e04e013838d361af1a7fe0b7f8cdcdc59262fb24e9747344194df6e
-
Size
778KB
-
MD5
a4a879911229a7d5e16a9239ec9f03ec
-
SHA1
f6ead99e37fe74ad054e83577fa1181d7dad34f3
-
SHA256
bd1ab2ea7e04e013838d361af1a7fe0b7f8cdcdc59262fb24e9747344194df6e
-
SHA512
2bb97ab52e27bb9a9e2071d5b5b255ddf63781f9ad5fc2f9d9986ecf4c73feae1038db01a86e05e9ab9ffa643e9195ae34281113a65f548dce1739c619264ef3
-
SSDEEP
12288:4MrPy902JphILyF2n8uvNEUcfGnLJF6EttH0NSBHfRb0UzPgkNJo:Hy9iwUtllcfeLJJjLfuUzho
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-