General
Target: 68dfe379617980e85f32b007d106d694dc3b2cc1d66a5bf78174be42ef35db55
Size: 625KB
Sample: 230604-sfxxmsce37
MD5: ce5da1ccab179048b5598bc9c166475e
SHA1: 89dc0810cfcaca07dab5ce5ce6fb8687b9213b73
SHA256: 68dfe379617980e85f32b007d106d694dc3b2cc1d66a5bf78174be42ef35db55
SHA512: 6e166489fbb1b43cd360a2e27b712730ceee89dfd3669199a29d5d0a03560d1142b9220710daa311908d1de6f4e431ed93bd3498e4de229ee58731b8c835fd53
SSDEEP: 12288:9MrCy90QIgF7mRDbHqBY8jPI/lh7TMvtigrtS3lJCs/Ej0ZNz:TykgobMYePCT7St/gv/fR
Static task: static1
Behavioral task: behavioral1
Sample: 68dfe379617980e85f32b007d106d694dc3b2cc1d66a5bf78174be42ef35db55.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: dusa
C2: 83.97.73.126:19046
auth_value: ee896466545fedf9de5406175fb82de5
Extracted
Family: redline
Botnet: brain
C2: 83.97.73.126:19046
auth_value: 5fb8269baadec0c49899b9a7a0c8851f
Targets
Target: 68dfe379617980e85f32b007d106d694dc3b2cc1d66a5bf78174be42ef35db55
Size: 625KB
MD5: ce5da1ccab179048b5598bc9c166475e
SHA1: 89dc0810cfcaca07dab5ce5ce6fb8687b9213b73
SHA256: 68dfe379617980e85f32b007d106d694dc3b2cc1d66a5bf78174be42ef35db55
SHA512: 6e166489fbb1b43cd360a2e27b712730ceee89dfd3669199a29d5d0a03560d1142b9220710daa311908d1de6f4e431ed93bd3498e4de229ee58731b8c835fd53
SSDEEP: 12288:9MrCy90QIgF7mRDbHqBY8jPI/lh7TMvtigrtS3lJCs/Ej0ZNz:TykgobMYePCT7St/gv/fR
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext