General
Target: 4122c81e4a420f347ee98b869af987969bd0ecfbe6e89faa5fccffdfd6e4753c
Size: 778KB
Sample: 230603-kp75zagc45
MD5: 6589463412403bb9e54cd58a048b47e0
SHA1: 558d1cdcffe87246fa4bfe666f3fcb23e49a4764
SHA256: 4122c81e4a420f347ee98b869af987969bd0ecfbe6e89faa5fccffdfd6e4753c
SHA512: 184e0d7a405d47227ec8ed9cee7c85dec70d8b64cc3396801866092c81022c76a3bc9ce7639ecc2fff3677e7f62b27ff8529c292cc73b2af4c76630498d10b3f
SSDEEP: 12288:WMr2y90m4KJsn+RUOFRYgGu1sFtsPsBOjG79u80sD2lZqKlRH035P5h91Ma:oyr4Ke6WgP1479u/hl235Pf
Static task: static1
Behavioral task: behavioral1
Sample: 4122c81e4a420f347ee98b869af987969bd0ecfbe6e89faa5fccffdfd6e4753c.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline (maxi)
83.97.73.126:19046
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Extracted: redline (metro)
83.97.73.126:19046
auth_value: f7fd4aa816bdbaad933b45b51d9b6b1a
Targets
Target: 4122c81e4a420f347ee98b869af987969bd0ecfbe6e89faa5fccffdfd6e4753c
Size: 778KB
MD5: 6589463412403bb9e54cd58a048b47e0
SHA1: 558d1cdcffe87246fa4bfe666f3fcb23e49a4764
SHA256: 4122c81e4a420f347ee98b869af987969bd0ecfbe6e89faa5fccffdfd6e4753c
SHA512: 184e0d7a405d47227ec8ed9cee7c85dec70d8b64cc3396801866092c81022c76a3bc9ce7639ecc2fff3677e7f62b27ff8529c292cc73b2af4c76630498d10b3f
SSDEEP: 12288:WMr2y90m4KJsn+RUOFRYgGu1sFtsPsBOjG79u80sD2lZqKlRH035P5h91Ma:oyr4Ke6WgP1479u/hl235Pf
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext