General
Target: 56e50c4ad82116a6d0170e096adb67b1012e0e998a4fffedb6e675e3901510f8
Size: 624KB
Sample: 230604-skqzwsce54
MD5: 2f92c19192f200982556564b9c9e6379
SHA1: 71843170f64cd8586019a24a6dc22f03e8aef44e
SHA256: 56e50c4ad82116a6d0170e096adb67b1012e0e998a4fffedb6e675e3901510f8
SHA512: 52bbda4846b06cd323ca96d08331f2ef9be473552e7025c61080cef6551d36d930e0b32acf9134f7f8982cc468a24c6626c6d0747d361ba2ffc7bc1919f6e7aa
SSDEEP: 12288:ZMrzy90KL7Oz/8rLzjvpqn93G5BLvA5cLRhakVSepNfuGH8zE:+yj7K/Gzjq93aBLvA5K9RLfuA8zE
Static task: static1
Behavioral task: behavioral1
Sample: 56e50c4ad82116a6d0170e096adb67b1012e0e998a4fffedb6e675e3901510f8.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  dusa
  83.97.73.126:19046
  auth_value: ee896466545fedf9de5406175fb82de5
Extracted: redline
  brain
  83.97.73.126:19046
  auth_value: 5fb8269baadec0c49899b9a7a0c8851f
Targets
Target: 56e50c4ad82116a6d0170e096adb67b1012e0e998a4fffedb6e675e3901510f8
Size: 624KB
MD5: 2f92c19192f200982556564b9c9e6379
SHA1: 71843170f64cd8586019a24a6dc22f03e8aef44e
SHA256: 56e50c4ad82116a6d0170e096adb67b1012e0e998a4fffedb6e675e3901510f8
SHA512: 52bbda4846b06cd323ca96d08331f2ef9be473552e7025c61080cef6551d36d930e0b32acf9134f7f8982cc468a24c6626c6d0747d361ba2ffc7bc1919f6e7aa
SSDEEP: 12288:ZMrzy90KL7Oz/8rLzjvpqn93G5BLvA5cLRhakVSepNfuGH8zE:+yj7K/Gzjq93aBLvA5K9RLfuA8zE

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext