General
-
Target
19e57872ac048c54a88c7b3e432ddd2c097e8a2d1ab488e8ae986e39d1cdb6a1
-
Size
778KB
-
Sample
230603-lwa99agd66
-
MD5
aed7fc4607c16922fccf439f2a6fb326
-
SHA1
d9d4775051369deeb8a1b1fd9c225100bb71dace
-
SHA256
19e57872ac048c54a88c7b3e432ddd2c097e8a2d1ab488e8ae986e39d1cdb6a1
-
SHA512
b2b0c3c0ec94474d6ff720e6150fac1541fd89ae1026910851a5474f99d8296a335e7c9b4813af9f50760d44a6191ad6cee5eae3352105e0c4b0e1d6d4ca0340
-
SSDEEP
12288:xMrTy90u0yEPdQ2VNtEBsW2q2hYroPsSby95PXW13ovRs01MP0Jolw:Ky+FPdQ2Vc6SroPsSN1Yvb1MEolw
Static task
static1
Behavioral task
behavioral1
Sample
19e57872ac048c54a88c7b3e432ddd2c097e8a2d1ab488e8ae986e39d1cdb6a1.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19046
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Extracted
redline
metro
83.97.73.126:19046
-
auth_value
f7fd4aa816bdbaad933b45b51d9b6b1a
Targets
-
-
Target
19e57872ac048c54a88c7b3e432ddd2c097e8a2d1ab488e8ae986e39d1cdb6a1
-
Size
778KB
-
MD5
aed7fc4607c16922fccf439f2a6fb326
-
SHA1
d9d4775051369deeb8a1b1fd9c225100bb71dace
-
SHA256
19e57872ac048c54a88c7b3e432ddd2c097e8a2d1ab488e8ae986e39d1cdb6a1
-
SHA512
b2b0c3c0ec94474d6ff720e6150fac1541fd89ae1026910851a5474f99d8296a335e7c9b4813af9f50760d44a6191ad6cee5eae3352105e0c4b0e1d6d4ca0340
-
SSDEEP
12288:xMrTy90u0yEPdQ2VNtEBsW2q2hYroPsSby95PXW13ovRs01MP0Jolw:Ky+FPdQ2Vc6SroPsSN1Yvb1MEolw
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-