General
-
Target
c4b74b889853d962d5e94d5e8e8b655854ae61be33258dfb5772e559a81b9e63
-
Size
625KB
-
Sample
230604-r38f8acd97
-
MD5
3ef90b941e8877d4996c631a8d8cc174
-
SHA1
94c5ec6bdfbaad679c92f790a6b5e0ec4491e6ac
-
SHA256
c4b74b889853d962d5e94d5e8e8b655854ae61be33258dfb5772e559a81b9e63
-
SHA512
5823d2da9929c3c63cdde89c6f6a2b466c5d73d711e8daba3a68620bb3155283c83e3f01badb7b850d0938b6cb2b9c99b61230e385db003200fdc9d14eee608d
-
SSDEEP
12288:YMrBy904LgohUDir86zztsLjb5dLj4b8baedxNNJ4yi3cjvWJlT:py7yDir5vwPXo8btdx4GkT
Static task
static1
Behavioral task
behavioral1
Sample
c4b74b889853d962d5e94d5e8e8b655854ae61be33258dfb5772e559a81b9e63.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
dusa
83.97.73.126:19046
-
auth_value
ee896466545fedf9de5406175fb82de5
Extracted
redline
brain
83.97.73.126:19046
-
auth_value
5fb8269baadec0c49899b9a7a0c8851f
Targets
-
-
Target
c4b74b889853d962d5e94d5e8e8b655854ae61be33258dfb5772e559a81b9e63
-
Size
625KB
-
MD5
3ef90b941e8877d4996c631a8d8cc174
-
SHA1
94c5ec6bdfbaad679c92f790a6b5e0ec4491e6ac
-
SHA256
c4b74b889853d962d5e94d5e8e8b655854ae61be33258dfb5772e559a81b9e63
-
SHA512
5823d2da9929c3c63cdde89c6f6a2b466c5d73d711e8daba3a68620bb3155283c83e3f01badb7b850d0938b6cb2b9c99b61230e385db003200fdc9d14eee608d
-
SSDEEP
12288:YMrBy904LgohUDir86zztsLjb5dLj4b8baedxNNJ4yi3cjvWJlT:py7yDir5vwPXo8btdx4GkT
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-