General
-
Target
b805f9d02e558624ddc15a1ef42af9be6d3a1987b26193fb4f4aa676cc51c88f
-
Size
624KB
-
Sample
230604-r2ms5adb2t
-
MD5
bb9c7942cbfdd501e8b5ee6a2a12e439
-
SHA1
8df149057b5d49e0dd2e974eaa4b8b2d7bf20af4
-
SHA256
b805f9d02e558624ddc15a1ef42af9be6d3a1987b26193fb4f4aa676cc51c88f
-
SHA512
c4e46eb1443d44bcd7f8512a6a7854a823293b9f3f1ffed3e725042d9d3d6c1398596d145f35d53ac1f49a634b652d38b19f81dc75642e3b14fc3880e949ea06
-
SSDEEP
12288:bMr3y9087QXCrQ4SvmzF6POOUosOjeQtP/0Pw4PH92wBXlNQIQfqgAOZgG:QyUCFZ6PSQp6PHdBXlO/zAOZgG
Static task
static1
Behavioral task
behavioral1
Sample
b805f9d02e558624ddc15a1ef42af9be6d3a1987b26193fb4f4aa676cc51c88f.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
dusa
83.97.73.126:19046
-
auth_value
ee896466545fedf9de5406175fb82de5
Extracted
redline
brain
83.97.73.126:19046
-
auth_value
5fb8269baadec0c49899b9a7a0c8851f
Targets
-
-
Target
b805f9d02e558624ddc15a1ef42af9be6d3a1987b26193fb4f4aa676cc51c88f
-
Size
624KB
-
MD5
bb9c7942cbfdd501e8b5ee6a2a12e439
-
SHA1
8df149057b5d49e0dd2e974eaa4b8b2d7bf20af4
-
SHA256
b805f9d02e558624ddc15a1ef42af9be6d3a1987b26193fb4f4aa676cc51c88f
-
SHA512
c4e46eb1443d44bcd7f8512a6a7854a823293b9f3f1ffed3e725042d9d3d6c1398596d145f35d53ac1f49a634b652d38b19f81dc75642e3b14fc3880e949ea06
-
SSDEEP
12288:bMr3y9087QXCrQ4SvmzF6POOUosOjeQtP/0Pw4PH92wBXlNQIQfqgAOZgG:QyUCFZ6PSQp6PHdBXlO/zAOZgG
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-