General
-
Target
eeffafd02cc6edc91124d654ea75e378c19b66465ff5327a386aee7e99431f0e
-
Size
778KB
-
Sample
230603-l26ncagg7w
-
MD5
e73191180eaa7db0e14093db17a69925
-
SHA1
7ed15ef91e7061876b38397efa8d43777e5772f3
-
SHA256
eeffafd02cc6edc91124d654ea75e378c19b66465ff5327a386aee7e99431f0e
-
SHA512
a4d543a0128f387b30636dce32a369fdc4c355194243bb65374b176b90740ceefd837a102f800d05d1d1b8df142c5f6a4bfe7f1a24bf4c98a9ff9ed4066f55e9
-
SSDEEP
12288:EMr3y909/1dTEVKHs2cuN0f8LjyTUXOest2Rwe0GWVkLRL08lPOHr+w:byQdIVKauNFjypzsRw/GWyLG8l2r+w
Static task
static1
Behavioral task
behavioral1
Sample
eeffafd02cc6edc91124d654ea75e378c19b66465ff5327a386aee7e99431f0e.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19046
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Extracted
redline
metro
83.97.73.126:19046
-
auth_value
f7fd4aa816bdbaad933b45b51d9b6b1a
Targets
-
-
Target
eeffafd02cc6edc91124d654ea75e378c19b66465ff5327a386aee7e99431f0e
-
Size
778KB
-
MD5
e73191180eaa7db0e14093db17a69925
-
SHA1
7ed15ef91e7061876b38397efa8d43777e5772f3
-
SHA256
eeffafd02cc6edc91124d654ea75e378c19b66465ff5327a386aee7e99431f0e
-
SHA512
a4d543a0128f387b30636dce32a369fdc4c355194243bb65374b176b90740ceefd837a102f800d05d1d1b8df142c5f6a4bfe7f1a24bf4c98a9ff9ed4066f55e9
-
SSDEEP
12288:EMr3y909/1dTEVKHs2cuN0f8LjyTUXOest2Rwe0GWVkLRL08lPOHr+w:byQdIVKauNFjypzsRw/GWyLG8l2r+w
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-