General
- Target: 00a8219e62f674eb81a659981d3cee2e358042b356a5179a832b5ea122e1ba1b
- Size: 624KB
- Sample: 230604-r2bqvsda9z
- MD5: f673fd77bb999f12cd9d470747aad031
- SHA1: 03e0c0637b367f47f3558f35a6b50e905373c1d2
- SHA256: 00a8219e62f674eb81a659981d3cee2e358042b356a5179a832b5ea122e1ba1b
- SHA512: 0f3d51bd29b26c9458e1bc538815ded5574b79d628230e12f40e888616cb23758d958f9c4768c77068fc9842f8742d9d99aff349646c62f173e81d84c4cd1a16
- SSDEEP: 12288:rMrNy909MutVfaWrUkZOUjqoYGz7lE0jcHzSe6:qy4+WrvgUjqollTGzSJ
Static task: static1
Behavioral task: behavioral1
- Sample: 00a8219e62f674eb81a659981d3cee2e358042b356a5179a832b5ea122e1ba1b.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: dusa
- C2: 83.97.73.126:19046
- auth_value: ee896466545fedf9de5406175fb82de5
Extracted
- Family: redline
- Botnet: brain
- C2: 83.97.73.126:19046
- auth_value: 5fb8269baadec0c49899b9a7a0c8851f
Targets
- Target: 00a8219e62f674eb81a659981d3cee2e358042b356a5179a832b5ea122e1ba1b
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext