General
- Target: e3f09cc2543523a75f558ee746891c08cd2d464d62b38db5ba284c30ffe4766b
- Size: 624KB
- Sample: 230604-s41nfadc21
- MD5: 403383c6416d1a9563760629b7fe1fce
- SHA1: 74e21ef53dba4d80e1dff2107a328c90e909f7df
- SHA256: e3f09cc2543523a75f558ee746891c08cd2d464d62b38db5ba284c30ffe4766b
- SHA512: 483d6fa4589d0e8d7a02521bc200ee014226781e8e1453dedfa5bf34baeef16700491a98d4c60561349a170f31aebe6737860c817387d849f7620f4a6a4acdbe
- SSDEEP: 12288:lMr1y902Shwukgx7h5JNJspjvHL33ZklRVT2WnjKDku6J5M8sjA10:cyxcECd3fsprr33Zklj2WnuDQM8X0
Static task: static1
Behavioral task: behavioral1
- Sample: e3f09cc2543523a75f558ee746891c08cd2d464d62b38db5ba284c30ffe4766b.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: dusa
- C2: 83.97.73.126:19046
- auth_value: ee896466545fedf9de5406175fb82de5
Extracted
- Family: redline
- Botnet: brain
- C2: 83.97.73.126:19046
- auth_value: 5fb8269baadec0c49899b9a7a0c8851f
Targets
- Target: e3f09cc2543523a75f558ee746891c08cd2d464d62b38db5ba284c30ffe4766b
- Size: 624KB
- MD5: 403383c6416d1a9563760629b7fe1fce
- SHA1: 74e21ef53dba4d80e1dff2107a328c90e909f7df
- SHA256: e3f09cc2543523a75f558ee746891c08cd2d464d62b38db5ba284c30ffe4766b
- SHA512: 483d6fa4589d0e8d7a02521bc200ee014226781e8e1453dedfa5bf34baeef16700491a98d4c60561349a170f31aebe6737860c817387d849f7620f4a6a4acdbe
- SSDEEP: 12288:lMr1y902Shwukgx7h5JNJspjvHL33ZklRVT2WnjKDku6J5M8sjA10:cyxcECd3fsprr33Zklj2WnuDQM8X0
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext