General
Target: 119b4a543d952f4c3b8d4bc931b257c086807ffaf7bbcdccf5dd6c4f01d8d92c
Size: 625KB
Sample: 230604-rzrpascd88
MD5: 64a04cfd5171d547893820ed786b1d4d
SHA1: 333c8402da9b0581c16705e006609749b9096aac
SHA256: 119b4a543d952f4c3b8d4bc931b257c086807ffaf7bbcdccf5dd6c4f01d8d92c
SHA512: a58e2297b69d3db184642e140988ee6983f68ba9222e8b2a09ffd22a3282d5aed2e20e3f94c7cdba9421acca1ec924d93d8830edd8a76342eb9e3324c529f673
SSDEEP: 12288:TMr7y90nEgQCi1yDp5SIwR0Z+I7iHH+VU/uHhWoQLS57CLi:cybNCcrzA+v+VmA95mLi

Static task: static1
Behavioral task: behavioral1
Sample: 119b4a543d952f4c3b8d4bc931b257c086807ffaf7bbcdccf5dd6c4f01d8d92c.exe
Resource: win10-20230220-en
Malware Config
Extracted
Family: redline
Botnet: dusa
C2: 83.97.73.126:19046
auth_value: ee896466545fedf9de5406175fb82de5

Extracted
Family: redline
Botnet: brain
C2: 83.97.73.126:19046
auth_value: 5fb8269baadec0c49899b9a7a0c8851f

Two RedLine configurations were extracted during analysis. Both use the same C2 endpoint (83.97.73.126:19046) but carry different botnet IDs and auth values, so the IP:port pair is the indicator shared across both, while each auth_value identifies only its own build.
Targets
Target: 119b4a543d952f4c3b8d4bc931b257c086807ffaf7bbcdccf5dd6c4f01d8d92c
Size: 625KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above.
- RedLine: RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: setting the context of a thread in a suspended process is the classic process-hollowing primitive; together with "Executes dropped EXE", this is consistent with a loader injecting the RedLine payload into another process rather than the stealer running as the dropped file itself.
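The signatures above describe observed behaviour, not detection logic. As an added example (not part of this sandbox report, and not code from RedLine or the sandbox), the Python below turns the report's concrete indicators into host-side checks: the sample's SHA256/MD5, the C2 endpoint 83.97.73.126:19046, a Run-key write (persistence), an EXE launched from a Temp directory (dropped EXE execution), and a Sysmon "process image replaced" event, used here as the logged proxy for the SetThreadContext hollowing pattern. The events are constructed for the example in a simplified `key=value|key=value` line format (not real Sysmon XML); the field names (EventID, Image, Hashes, TargetObject, DestinationIp, DestinationPort) follow Sysmon's, but the paths, process names, SID and the non-malicious events are invented to exercise the checks.

```python
"""Hunt for the RedLine indicators from the report over constructed Sysmon-style events."""
import hashlib

# Indicators taken from the report above.
SAMPLE_SHA256 = "119b4a543d952f4c3b8d4bc931b257c086807ffaf7bbcdccf5dd6c4f01d8d92c"
SAMPLE_MD5 = "64a04cfd5171d547893820ed786b1d4d"
C2_IP, C2_PORT = "83.97.73.126", 19046

# Registry paths whose value-set events indicate autostart persistence ("Adds Run key").
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")

# Constructed events (assumption: simplified "k=v|k=v" lines, not real Sysmon output).
# Line 1: process create (EID 1) with the report's hashes, run from %TEMP%.
# Line 2: registry value set (EID 13) under HKU\...\CurrentVersion\Run.
# Line 3: process tampering (EID 25), image replaced in a hollowed host process.
# Line 4: network connect (EID 3) to the report's C2. Lines 5-6: benign noise.
SAMPLE_EVENTS = """\
EventID=1|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\IXP000.TMP\\x1234.exe|ParentImage=C:\\Users\\victim\\Downloads\\setup.exe|Hashes=MD5=64a04cfd5171d547893820ed786b1d4d,SHA256=119b4a543d952f4c3b8d4bc931b257c086807ffaf7bbcdccf5dd6c4f01d8d92c
EventID=13|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\IXP000.TMP\\x1234.exe|TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater|Details=C:\\Users\\victim\\AppData\\Roaming\\updater.exe
EventID=25|Image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe|Type=Image is replaced
EventID=3|Image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe|DestinationIp=83.97.73.126|DestinationPort=19046|Protocol=tcp
EventID=3|Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe|DestinationIp=140.82.112.3|DestinationPort=443|Protocol=tcp
EventID=13|Image=C:\\Windows\\explorer.exe|TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden|Details=DWORD (0x00000001)
"""


def parse_event(line):
    """Split one 'k=v|k=v' line into a dict; values may themselves contain '='."""
    fields = {}
    for part in line.rstrip("\n").split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def parse_hashes(hashes_field):
    """Parse Sysmon's 'MD5=...,SHA256=...' Hashes field into {ALGO: lowercase digest}."""
    out = {}
    for item in hashes_field.split(","):
        algo, _, digest = item.partition("=")
        if algo:
            out[algo.upper()] = digest.lower()
    return out


def is_known_sample(data):
    """True if a file's bytes hash to the report's sample (for triaging a pulled binary)."""
    return (hashlib.sha256(data).hexdigest() == SAMPLE_SHA256
            or hashlib.md5(data).hexdigest() == SAMPLE_MD5)


def evaluate(event):
    """Return the list of indicator tags one event matches (empty if benign)."""
    hits = []
    eid = event.get("EventID")
    if eid == "1":
        hashes = parse_hashes(event.get("Hashes", ""))
        if hashes.get("SHA256") == SAMPLE_SHA256 or hashes.get("MD5") == SAMPLE_MD5:
            hits.append("known-sample-executed")
        image = event.get("Image", "").lower()
        if "\\appdata\\local\\temp\\" in image and image.endswith(".exe"):
            hits.append("exe-run-from-temp")  # "Executes dropped EXE"
    elif eid == "3":
        if (event.get("DestinationIp") == C2_IP
                and event.get("DestinationPort") == str(C2_PORT)):
            hits.append("redline-c2-connection")
    elif eid == "13":
        target = event.get("TargetObject", "").lower()
        if any(marker in target for marker in RUN_KEY_MARKERS):
            hits.append("run-key-persistence")  # "Adds Run key to start application"
    elif eid == "25":
        # Image replacement in a running process is what hollowing via
        # SetThreadContext leaves behind in Sysmon's process-tampering event.
        if "replaced" in event.get("Type", "").lower():
            hits.append("process-image-replaced")
    return hits


def hunt(log_text):
    """Scan a block of event lines; return (line_no, tag, image) for every hit."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        event = parse_event(line)
        for tag in evaluate(event):
            findings.append((line_no, tag, event.get("Image", "")))
    return findings


if __name__ == "__main__":
    for line_no, tag, image in hunt(SAMPLE_EVENTS):
        print(f"line {line_no}: {tag:24} {image}")
```

Port and IP are compared as exact strings because Sysmon logs them as such; the Run-key check is case-insensitive because registry paths are. The `known-sample-executed` tag depends on Sysmon being configured to record SHA256 or MD5 in the Hashes field, and the C2 check will go quiet the moment the operators rotate the endpoint, so the behavioural tags (Run key, Temp-launched EXE, image replacement) are the ones worth keeping after the report's IOCs age out.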