General
Target: 4e4ea1433849ddf717467b3d7b52ac25e43f7db7adcb19526915a525f836a796
Size: 779KB
Sample: 230603-l9cp8sgg8z
MD5: eea0a2bbeed89e636eee51a91bb3b0e8
SHA1: 1f11ac35b1b8b3f8b791b896a7194fc37be2d549
SHA256: 4e4ea1433849ddf717467b3d7b52ac25e43f7db7adcb19526915a525f836a796
SHA512: 2597c3b6cd040995f2bd5a282d6e33c990847e7a27a949e361f83be6f776ae5ff6f7203a3d87e4da1f62f6bfab6e29235acd1154ccc2b72daf3eb2734e79c978
SSDEEP: 12288:3Mrdy90g70Y06pAvmJdq8ig/apBh5U96Ws18jqIfdM7+iBFDg4l4YP5PfYjtnNVM:myNmHcigyx5xzm2If6nl4G5qtnN+mG
Static task: static1
Behavioral task: behavioral1
Sample: 4e4ea1433849ddf717467b3d7b52ac25e43f7db7adcb19526915a525f836a796.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  maxi
  83.97.73.126:19046
  auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Extracted: redline
  metro
  83.97.73.126:19046
  auth_value: f7fd4aa816bdbaad933b45b51d9b6b1a
Targets
Target: 4e4ea1433849ddf717467b3d7b52ac25e43f7db7adcb19526915a525f836a796
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext