General
-
Target
65dc87a3f18baabc9afb5dc6174a7b59b1348e04bee763e8d7c888704c3753c5
-
Size
779KB
-
Sample
230603-ls824sgg4w
-
MD5
c300110c8a8b409e3218a171dc013ef2
-
SHA1
8892aaea405af2127618856b418e8daabb47eb19
-
SHA256
65dc87a3f18baabc9afb5dc6174a7b59b1348e04bee763e8d7c888704c3753c5
-
SHA512
6115314037d3230ed8c67e8a0bf19c38a7729e7cc38cfc30eb87765a7f8dd20c0cdaa159275cec8f78a1421663c03d667bd794fd69fc72582cfd3bef84a79e59
-
SSDEEP
12288:bMrby90OhV2P8lG+eaqGucFTy2iic5sTFpWd1jfu8Xp18Xc4UCnVdXT0MPrx+Ta:wypVxlGNVAsjiGsZpW7fFoGC3D0M1P
Static task
static1
Behavioral task
behavioral1
Sample
65dc87a3f18baabc9afb5dc6174a7b59b1348e04bee763e8d7c888704c3753c5.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19046
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Extracted
redline
metro
83.97.73.126:19046
-
auth_value
f7fd4aa816bdbaad933b45b51d9b6b1a
Targets
-
-
Target
65dc87a3f18baabc9afb5dc6174a7b59b1348e04bee763e8d7c888704c3753c5
-
Size
779KB
-
MD5
c300110c8a8b409e3218a171dc013ef2
-
SHA1
8892aaea405af2127618856b418e8daabb47eb19
-
SHA256
65dc87a3f18baabc9afb5dc6174a7b59b1348e04bee763e8d7c888704c3753c5
-
SHA512
6115314037d3230ed8c67e8a0bf19c38a7729e7cc38cfc30eb87765a7f8dd20c0cdaa159275cec8f78a1421663c03d667bd794fd69fc72582cfd3bef84a79e59
-
SSDEEP
12288:bMrby90OhV2P8lG+eaqGucFTy2iic5sTFpWd1jfu8Xp18Xc4UCnVdXT0MPrx+Ta:wypVxlGNVAsjiGsZpW7fFoGC3D0M1P
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-