General
Target: dd7d27a3cc593bfb0eb6dd692a9263378712db65adf3280303428e9bff3308b0
Size: 624KB
Sample: 230604-rxvm6scd86
MD5: 4e39c5e601ad35d3139d3373f60fcca5
SHA1: c7d31d8d0348d2a39061ab2bee6f96f5932598db
SHA256: dd7d27a3cc593bfb0eb6dd692a9263378712db65adf3280303428e9bff3308b0
SHA512: 1402fd230b76ba13cc61b57331574d9117432c7553aeb732db0cfdd1839e51095f985d9a0027d2df92730eba51f782a4d91a7eeb586f8ce8b3a2fc5aaa81c39e
SSDEEP: 12288:IMrVy90uS+5ictvlAPx0BnPyMWI+pUXWCccmlhxBit8QSPG8RKGWkJKZ:9yTHNlAPx0Bna9I+plx00P5on
Static task: static1
Behavioral task: behavioral1
Sample: dd7d27a3cc593bfb0eb6dd692a9263378712db65adf3280303428e9bff3308b0.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
    dusa
    83.97.73.126:19046
    auth_value: ee896466545fedf9de5406175fb82de5
Extracted: redline
    brain
    83.97.73.126:19046
    auth_value: 5fb8269baadec0c49899b9a7a0c8851f
Targets
Target: dd7d27a3cc593bfb0eb6dd692a9263378712db65adf3280303428e9bff3308b0
Size: 624KB
MD5: 4e39c5e601ad35d3139d3373f60fcca5
SHA1: c7d31d8d0348d2a39061ab2bee6f96f5932598db
SHA256: dd7d27a3cc593bfb0eb6dd692a9263378712db65adf3280303428e9bff3308b0
SHA512: 1402fd230b76ba13cc61b57331574d9117432c7553aeb732db0cfdd1839e51095f985d9a0027d2df92730eba51f782a4d91a7eeb586f8ce8b3a2fc5aaa81c39e
SSDEEP: 12288:IMrVy90uS+5ictvlAPx0BnPyMWI+pUXWCccmlhxBit8QSPG8RKGWkJKZ:9yTHNlAPx0Bna9I+plx00P5on
RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software installed on the system.
Suspicious use of SetThreadContext