General
-
Target
5390e4ddeaf8c5da45c71e12b4ceb7ab321868f6340c97ee53631b24d7e32d19
-
Size
625KB
-
Sample
230604-s41y7sdc3s
-
MD5
3d0fa8ab2d0bc93795665fa98be95230
-
SHA1
5260d6a00e69a988d165e47239dcff9ffafc816e
-
SHA256
5390e4ddeaf8c5da45c71e12b4ceb7ab321868f6340c97ee53631b24d7e32d19
-
SHA512
548913f4a4a524bae6162e68a7538015f73f4f348c053105270a352a4c141a5800eb92c37e2ddb5eb6b29b9a74d0507327a75f86a0d9c3d9078449ee237ef51d
-
SSDEEP
12288:vMrjy90nX4/xKPLRGGL1dgnEFAK7d/nCjj3AsGQjw:8ytcRx1uAAKVC3BF8
Static task
static1
Behavioral task
behavioral1
Sample
5390e4ddeaf8c5da45c71e12b4ceb7ab321868f6340c97ee53631b24d7e32d19.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
dusa
83.97.73.126:19046
-
auth_value
ee896466545fedf9de5406175fb82de5
Extracted
redline
brain
83.97.73.126:19046
-
auth_value
5fb8269baadec0c49899b9a7a0c8851f
Targets
-
-
Target
5390e4ddeaf8c5da45c71e12b4ceb7ab321868f6340c97ee53631b24d7e32d19
-
Size
625KB
-
MD5
3d0fa8ab2d0bc93795665fa98be95230
-
SHA1
5260d6a00e69a988d165e47239dcff9ffafc816e
-
SHA256
5390e4ddeaf8c5da45c71e12b4ceb7ab321868f6340c97ee53631b24d7e32d19
-
SHA512
548913f4a4a524bae6162e68a7538015f73f4f348c053105270a352a4c141a5800eb92c37e2ddb5eb6b29b9a74d0507327a75f86a0d9c3d9078449ee237ef51d
-
SSDEEP
12288:vMrjy90nX4/xKPLRGGL1dgnEFAK7d/nCjj3AsGQjw:8ytcRx1uAAKVC3BF8
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-