General

Target: 08267499.exe
Size: 794KB
Sample: 230603-kk8kyage6z
MD5: 9407a6d5fc6cd98a17fa222392ececab
SHA1: 0c4c6d4a7d096cdbb2ec4483bbdf5878438c012b
SHA256: 6b86b18a272d78b8bb0a09f8ded702e13c3ba54d222760fc1d02d635d780fc03
SHA512: d0b84d49172f793eeba91ddd4cbd7e95ceed76ac3a68e5cc5b4c181ec684152c85591b95dd59414ac1902ef93ccfe58e424ac15f5f0f7ca810849a6d0c351036
SSDEEP: 12288:QMrvy90EPY3Ox+FahUavI60pAfgPe6TTahVOl/dQAk3ngdtGFV+EnZO8PcyYGkdW:vy1+F1zLFqCl/d8wEVdnZOM3YlztWj3
Static task: static1
Behavioral task: behavioral1 (sample 08267499.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample 08267499.exe, resource win10v2004-20230220-en)
Malware Config

Extracted: redline
Botnet: maxi
C2: 83.97.73.126:19046
auth_value: 6a3f22e5f4209b056a3fd330dc71956a

Extracted: redline
Botnet: metro
C2: 83.97.73.126:19046
auth_value: f7fd4aa816bdbaad933b45b51d9b6b1a
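The hashes and the extracted C2 endpoint above are the indicators a responder would actually hunt with. The script below is an added example, not part of the sandbox report or of any RedLine tooling: it embeds the report's file hashes and C2 values, hashes candidate files in a streaming fashion, and flags connections to the C2 host in Zeek-style conn.log lines. The conn.log lines in the block are constructed for illustration; only the hash and C2 constants come from the report. A connection to the same host on a port other than 19046 is reported with `exact` set to False rather than dropped, because the two extracted configs share the host and a pivot on the IP alone is worth a look.

```python
"""Check local artefacts against the IOCs in this report.

The hashes, C2 endpoint and auth_values below are copied from the report.
The conn.log lines are constructed for this example; they are not from the
sandbox run.
"""
import hashlib
import sys

SAMPLE_HASHES = {
    "md5": "9407a6d5fc6cd98a17fa222392ececab",
    "sha1": "0c4c6d4a7d096cdbb2ec4483bbdf5878438c012b",
    "sha256": "6b86b18a272d78b8bb0a09f8ded702e13c3ba54d222760fc1d02d635d780fc03",
    "sha512": "d0b84d49172f793eeba91ddd4cbd7e95ceed76ac3a68e5cc5b4c181ec684152c"
              "85591b95dd59414ac1902ef93ccfe58e424ac15f5f0f7ca810849a6d0c351036",
}

# Both extracted configs ("maxi" and "metro") use the same C2 endpoint.
C2_HOST = "83.97.73.126"
C2_PORT = 19046
AUTH_VALUES = {
    "maxi": "6a3f22e5f4209b056a3fd330dc71956a",
    "metro": "f7fd4aa816bdbaad933b45b51d9b6b1a",
}


def _digest(chunks):
    """Feed every chunk to all four hashers once and return hex digests."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Digests of an in-memory buffer."""
    return _digest([data])


def hash_file(path, chunk_size=1 << 20):
    """Digests of a file on disk, streamed so large drops are not read whole."""
    with open(path, "rb") as fh:
        return _digest(iter(lambda: fh.read(chunk_size), b""))


def matches_sample(digests, known=SAMPLE_HASHES):
    """True only when every algorithm in `known` agrees; one mismatch is a miss."""
    return all(digests.get(name) == value for name, value in known.items())


# Zeek conn.log fields used here (tab-separated): ts, uid, id.orig_h,
# id.orig_p, id.resp_h, id.resp_p, proto. Constructed sample lines.
CONN_LOG = """\
1685791200.101\tCx1a\t10.0.0.15\t49812\t83.97.73.126\t19046\ttcp
1685791201.420\tCx1b\t10.0.0.15\t49813\t142.250.74.46\t443\ttcp
1685791230.007\tCx1c\t10.0.0.22\t51002\t83.97.73.126\t19046\ttcp
1685791231.555\tCx1d\t10.0.0.22\t51003\t83.97.73.126\t80\ttcp
"""


def find_c2_connections(conn_log, host=C2_HOST, port=C2_PORT):
    """Flag every connection to the C2 host; `exact` marks the extracted port."""
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) < 7 or f[4] != host:
            continue
        hits.append({"orig_h": f[2], "orig_p": int(f[3]),
                     "resp_p": int(f[5]), "exact": int(f[5]) == port})
    return hits


if __name__ == "__main__":
    # Usage: python iocs.py <file> [<file> ...]
    for path in sys.argv[1:]:
        verdict = "MATCHES sample" if matches_sample(hash_file(path)) else "no match"
        print(path, verdict)
    for hit in find_c2_connections(CONN_LOG):
        print("C2 traffic:", hit)
```

Run with one or more file paths to compare them against the sample's hashes; on the constructed conn.log the two 10.0.0.x hosts that reached 83.97.73.126:19046 are exact hits and the port-80 connection is surfaced as a host-only match.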
Targets

Target: 08267499.exe
Size: 794KB
MD5: 9407a6d5fc6cd98a17fa222392ececab
SHA1: 0c4c6d4a7d096cdbb2ec4483bbdf5878438c012b
SHA256: 6b86b18a272d78b8bb0a09f8ded702e13c3ba54d222760fc1d02d635d780fc03
SHA512: d0b84d49172f793eeba91ddd4cbd7e95ceed76ac3a68e5cc5b4c181ec684152c85591b95dd59414ac1902ef93ccfe58e424ac15f5f0f7ca810849a6d0c351036
SSDEEP: 12288:QMrvy90EPY3Ox+FahUavI60pAfgPe6TTahVOl/dQAk3ngdtGFV+EnZO8PcyYGkdW:vy1+F1zLFqCl/d8wEVdnZOM3YlztWj3
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely as a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext
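The signature names above are the sandbox's summary of raw API and registry activity. The block below is an added example, not code from the sandbox or from this report: it shows how a triage script can map a registry trace back to three of these signatures (the location check, the Uninstall enumeration, the Run key) and how "Suspicious use of SetThreadContext" is usually narrowed to a process-hollowing chain (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory into the child, SetThreadContext on its primary thread, ResumeThread) rather than any SetThreadContext call. The registry paths, the event tuples and the API trace are all constructed and are assumptions about what the signatures key on; the report itself names only the behaviours, and the trace assumes the sandbox has already resolved handles to process and thread IDs.

```python
"""Map raw sandbox activity back to the behaviour signatures in this report.

Everything below is constructed for illustration. The registry paths are the
ones these signature names are commonly associated with and are an
assumption; the report does not list them. The API trace assumes handles
have been resolved to process/thread IDs.
"""
import re

# (operation, key, value) as a sandbox registry trace would record them.
REGISTRY_EVENTS = [
    ("QueryValue", r"HKCU\Control Panel\International\Geo", "Nation"),
    ("EnumerateKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", None),
    ("QueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ABCD}", "DisplayName"),
    ("SetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "updater"),
    ("QueryValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ProductName"),
]

# signature name -> (operations that count, key pattern, required value name or None)
SIGNATURES = {
    "Checks computer location settings": (
        {"QueryValue"},
        re.compile(r"\\Control Panel\\International\\Geo$", re.I), "Nation"),
    "Checks installed software on the system": (
        {"EnumerateKey", "QueryValue"},
        re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I), None),
    "Adds Run key to start application": (
        {"SetValue"},
        re.compile(r"\\CurrentVersion\\Run$", re.I), None),
}


def classify_registry_events(events, rules=SIGNATURES):
    """Return {signature: [matching events]} for every signature that fires."""
    hits = {}
    for op, key, value in events:
        for name, (ops, key_re, want_value) in rules.items():
            if op in ops and key_re.search(key) and (want_value is None or value == want_value):
                hits.setdefault(name, []).append((op, key, value))
    return hits


# (caller_pid, api, arguments) in call order. The last call is a benign
# SetThreadContext on the caller's own thread and must not be flagged.
CREATE_SUSPENDED = 0x4
API_TRACE = [
    (1200, "CreateProcessW", {"lpApplicationName": r"C:\constructed\host.exe",
                              "dwCreationFlags": CREATE_SUSPENDED,
                              "dwProcessId": 2480, "dwThreadId": 2484}),
    (1200, "NtUnmapViewOfSection", {"ProcessHandle": 2480}),
    (1200, "WriteProcessMemory", {"hProcess": 2480, "nSize": 0x16000}),
    (1200, "SetThreadContext", {"hThread": 2484}),
    (1200, "ResumeThread", {"hThread": 2484}),
    (1200, "SetThreadContext", {"hThread": 1204}),
]


def find_hollowing_chains(trace):
    """Return target PIDs where one caller created a suspended process, wrote
    into it, set the context of its primary thread and then resumed it."""
    suspended = {}     # (caller, target_pid) -> primary thread id
    written = set()    # (caller, target_pid) after WriteProcessMemory
    context_set = set()
    chains = []
    for caller, api, args in trace:
        if api in ("CreateProcessW", "CreateProcessA") and \
                args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            suspended[(caller, args["dwProcessId"])] = args["dwThreadId"]
        elif api == "WriteProcessMemory" and (caller, args["hProcess"]) in suspended:
            written.add((caller, args["hProcess"]))
        elif api == "SetThreadContext":
            for (c, pid), tid in suspended.items():
                if c == caller and tid == args["hThread"] and (c, pid) in written:
                    context_set.add((c, pid))
        elif api == "ResumeThread":
            for (c, pid), tid in suspended.items():
                if c == caller and tid == args["hThread"] and (c, pid) in context_set:
                    chains.append(pid)
    return chains


if __name__ == "__main__":
    for name, events in classify_registry_events(REGISTRY_EVENTS).items():
        print(f"{name}: {len(events)} event(s)")
    print("process hollowing targets:", find_hollowing_chains(API_TRACE))
```

On the constructed input the registry classifier fires all three signatures (the Uninstall rule on two events) and leaves the ProductName read alone, and the hollowing matcher reports only PID 2480: the final SetThreadContext on the caller's own thread has no suspended-and-written child behind it, which is the distinction that keeps this signature from firing on ordinary debuggers and runtimes.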