General
-
Target
bc23bd91b50ec28da0af5e3edf54d93c4ed20012dfe4ed279a5f1b8c25782f5e
-
Size
779KB
-
Sample
230603-ky2pjsgf5w
-
MD5
cdff3d9888ce12367f3be1246d6a415b
-
SHA1
b2fcfacd22a68bb6754ebefd7c0a04d6196f9767
-
SHA256
bc23bd91b50ec28da0af5e3edf54d93c4ed20012dfe4ed279a5f1b8c25782f5e
-
SHA512
71a4ae38e052711102beefe92a9f5f0e4f5b8451dacad4ae70718df1600caa8eeef763171f3386ac264ed19610bb19a4c7d32e4b3a89df01e317d8978c885210
-
SSDEEP
24576:uyqQfsPEHTNyZbAwJRBth1BkfSf4S9vVxMA7:9VXTNyp4y4S9vs
Static task
static1
Behavioral task
behavioral1
Sample
bc23bd91b50ec28da0af5e3edf54d93c4ed20012dfe4ed279a5f1b8c25782f5e.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19046
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Extracted
redline
metro
83.97.73.126:19046
-
auth_value
f7fd4aa816bdbaad933b45b51d9b6b1a
Targets
-
-
Target
bc23bd91b50ec28da0af5e3edf54d93c4ed20012dfe4ed279a5f1b8c25782f5e
-
Size
779KB
-
MD5
cdff3d9888ce12367f3be1246d6a415b
-
SHA1
b2fcfacd22a68bb6754ebefd7c0a04d6196f9767
-
SHA256
bc23bd91b50ec28da0af5e3edf54d93c4ed20012dfe4ed279a5f1b8c25782f5e
-
SHA512
71a4ae38e052711102beefe92a9f5f0e4f5b8451dacad4ae70718df1600caa8eeef763171f3386ac264ed19610bb19a4c7d32e4b3a89df01e317d8978c885210
-
SSDEEP
24576:uyqQfsPEHTNyZbAwJRBth1BkfSf4S9vVxMA7:9VXTNyp4y4S9vs
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-